Santandersecurityresearch / cryptobom-forge
Tools and utilities needed to parse GitHub Multi-Repository Variant Analysis output
☆19Updated 6 months ago
Alternatives and similar repositories for cryptobom-forge:
Users that are interested in cryptobom-forge are comparing it to the libraries listed below
- This repository contains a SonarQube Plugin that detects cryptographic assets in source code and generates CBOM.☆33Updated last week
- PQC Transition Tools Index☆29Updated last month
- A toolset for dealing with Cryptography Bill of Materials (CBOM)☆28Updated last week
- A standard API specification for exchanging supply chain artifacts and intelligence☆78Updated last week
- Cryptography Bill of Materials☆67Updated 2 months ago
- Scan GitHub Actions Workflow logs for IOCs☆15Updated this week
- Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security☆76Updated 6 months ago
- A community collection of security reviews of open source software components.☆93Updated last year
- ☆47Updated this week
- Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.☆95Updated 2 weeks ago
- Exploit Prediction Scoring System (EPSS)☆25Updated 2 years ago
- StartLeft is an automation tool for generating Threat Models written in the Open Threat Model (OTM) format from a variety of different so…☆50Updated this week
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆133Updated last year
- Library to ingest and generate VEX documents☆15Updated 2 months ago
- OpenVEX Specification☆145Updated 3 weeks ago
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆120Updated 3 months ago
- Network Cryptography Monitor - using eBPF, written in python☆28Updated 3 weeks ago
- Technical Advisory Council☆122Updated last week
- OWASP Foundation Web Respository☆31Updated 2 years ago
- Supply chain security for ML☆154Updated last week
- Collect, curate, and communicate relevant security metrics for open source projects.☆63Updated last year
- A CLI tool for creating secure by design/default source repos.☆25Updated 8 months ago
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆181Updated last year
- Format agnostic SBOM tooling☆105Updated this week
- ☆25Updated last year
- A tool to check the security settings of Github Organizations.☆71Updated last year
- Takes a software bill of materials and outputs provenance, and activity data from trustypkg.dev☆11Updated 6 months ago
- Tool for collecting vulnerability data from various sources (used to build the grype database)☆94Updated this week
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆187Updated 3 weeks ago
- ☆81Updated this week