CycodeLabs / gh-injection-vuln-demoLinks
Demos for our research on Github actions script injection vulnerabilities
☆13Updated last year
Alternatives and similar repositories for gh-injection-vuln-demo
Users that are interested in gh-injection-vuln-demo are comparing it to the libraries listed below
Sorting:
- Runtime Security Solution for your CI/CD Pipeline☆112Updated last week
- kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this …☆125Updated 4 months ago
- Generate a score for your sbom to understand if it will actually be useful.☆237Updated last year
- The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously…☆225Updated 8 months ago
- A comprehensive framework and assessment toolkit for measuring and improving Cloud Native security maturity across 8 critical business fu…☆10Updated 7 months ago
- sbomqs: The Comprehensive SBOM Quality & Compliance Tool☆267Updated last week
- Enrich SBOMs with data from third party services☆214Updated this week
- Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD …☆186Updated this week
- Scan GitHub Actions Workflow logs for IOCs☆16Updated this week
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…☆449Updated this week
- A tool to check the security settings of Github Organizations.☆75Updated this week
- OpenVEX Specification☆166Updated 3 weeks ago
- Supply-Chain Firewall (SCFW) is a tool for preventing the installation of malicious npm and PyPI packages☆215Updated this week
- Nextdoor's Cloud Security Posture Management (CSPM) Evaluation Matrix☆59Updated 2 years ago
- GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment☆493Updated 7 months ago
- A standard API specification for exchanging supply chain artifacts and intelligence☆98Updated 2 weeks ago
- GitHub Advanced Security Policy as Code☆95Updated last month
- A full insecure kubernetes application for testing security tools☆90Updated 3 months ago
- GitGoat is an open source tool that was built to enable DevOps and Engineering teams to design and implement a sustainable misconfigurati…☆172Updated last year
- A tool to create, transform and attest VEX metadata☆172Updated last week
- ☆255Updated 2 weeks ago
- Count distinct contributor of Snyk watched repos across several SCM☆32Updated 3 weeks ago
- Utility that provides an API platform for validating, querying and managing BOM data☆124Updated last month
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆179Updated 2 months ago
- Threat Designer is a GenerativeAI application designed to automate and streamline the threat modeling process for secure system design.☆189Updated this week
- boostsecurityio/poutine☆361Updated last week
- Securing Alice's, Bob's and Carl's software supply chain using in-toto☆104Updated 2 weeks ago
- Format agnostic SBOM tooling☆131Updated 2 months ago
- A reading list for software supply-chain security.☆366Updated 3 years ago
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆110Updated 3 weeks ago