CycodeLabs / gh-injection-vuln-demo
Demos for our research on GitHub Actions script injection vulnerabilities
☆12 · Updated 6 months ago
Related projects
Alternatives and complementary repositories for gh-injection-vuln-demo
- Generate a score for your sbom to understand if it will actually be useful. ☆221 · Updated 3 months ago
- Enrich SBOMs with data from third party services ☆113 · Updated last week
- Utility that provides an API platform for validating, querying and managing BOM data ☆94 · Updated this week
- A standard API specification for exchanging supply chain artifacts and intelligence ☆56 · Updated last week
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so… ☆70 · Updated last week
- A tool to create, transform and attest VEX metadata ☆116 · Updated this week
- SBOM quality score - Quality metrics for your sboms ☆184 · Updated this week
- The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously… ☆186 · Updated 2 months ago
- Potential WG on Artificial Intelligence and Machine Learning (AI/ML) ☆53 · Updated 3 weeks ago
- GitHub Action for creating software bill of materials using Syft. ☆165 · Updated last week
- Nextdoor's Cloud Security Posture Management (CSPM) Evaluation Matrix ☆57 · Updated last year
- Format agnostic SBOM tooling ☆78 · Updated this week
- Check SPDX SBOM for NTIA minimum elements ☆53 · Updated this week
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,… ☆125 · Updated 9 months ago
- Software Supply Chain Security Platform ☆286 · Updated this week
- Tool for collecting vulnerability data from various sources (used to build the grype database) ☆75 · Updated this week
- OpenVEX Specification ☆130 · Updated 4 months ago
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆247 · Updated this week
- Throw a tag at it and it comes back with a checksum. ☆85 · Updated this week
- OWASP Kubernetes security and compliance tool [WIP] ☆103 · Updated last year
- GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment ☆440 · Updated last month
- Go module to generate and transform VEX documents ☆34 · Updated 2 weeks ago
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility ☆61 · Updated last year
- General sigstore community repo ☆38 · Updated this week
- boostsecurityio/poutine ☆229 · Updated last week
- ☆16 · Updated 5 months ago
- SBOM Assembler - A tool to edit SBOM or assemble multiple sboms into a single sbom. ☆57 · Updated 2 weeks ago
- Repository for on-going work as part of the AIBOM Tiger Team effort. ☆16 · Updated 2 months ago
- Cryptography Bill of Materials ☆56 · Updated last month
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system. ☆169 · Updated 9 months ago