ForAllSecure / mapi-action
🤖 Run a Mayhem for API scan in GitHub Actions
☆23 · Updated 3 months ago
Related projects:
- This project is deprecated. Use https://github.com/returntocorp/semgrep instead ☆73 · Updated 5 months ago
- Enrich SBOMs with data from third party services ☆108 · Updated 3 weeks ago
- Securing Alice's, Bob's and Carl's software supply chain using in-toto ☆86 · Updated 2 weeks ago
- Publishes BOMs to Dependency-Track from GitHub Actions ☆41 · Updated 3 weeks ago
- Semgrep extension for Visual Studio Code ☆53 · Updated last week
- A tool to check the security settings of GitHub Organizations. ☆68 · Updated last year
- A community collection of security reviews of open source software components. ☆92 · Updated 6 months ago
- A draft standard for communicating a cryptographic record of build inputs for software artifacts. ☆23 · Updated 10 months ago
- Collect, curate, and communicate relevant security metrics for open source projects. ☆63 · Updated 6 months ago
- ☆22 · Updated 2 years ago
- Securing open-source package ecosystems by originating, validating, and augmenting build attestations. ☆23 · Updated last week
- Security scanning & static analysis tool ☆92 · Updated last year
- Darkfiles finds orphaned files in container images and makes them to bad deeds ☆41 · Updated last year
- Format agnostic SBOM tooling ☆63 · Updated this week
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption ☆69 · Updated this week
- Proof-of-concept SLSA provenance generator for GitHub Actions ☆99 · Updated last year
- Open Source Vulnerability schema. ☆176 · Updated this week
- Run multiple open source security static analysis tools without the added complexity with OSSAR (Open Source Static Analysis Runner). ☆94 · Updated 5 months ago
- A place to systematically store software bill of materials (SBOM) documents. ☆42 · Updated last year
- A tool to generate a SBOM (Software Bill of Materials) for an installed Python module ☆25 · Updated 3 weeks ago
- SPDX Merge tool ☆39 · Updated last week
- ☆51 · Updated 6 months ago
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts. ☆21 · Updated last week
- TACOS framework structural details ☆19 · Updated 9 months ago
- in-toto is a framework to secure the software supply chain. ☆66 · Updated 2 months ago
- A specification for signing methods and formats used by Secure Systems Lab projects. ☆66 · Updated last week
- Mayhem example templates for programming languages and fuzzers that you love! ☆26 · Updated 8 months ago
- A report formatter for Bandit (a Python security analyzer) that produces output in the SARIF format. ☆18 · Updated last year
- Static analysis for CloudFormation templates to identify common misconfiguration ☆58 · Updated 2 years ago
- Protocol Buffer specifications ☆22 · Updated last week