SecureStackCo / actions-sbom
A GitHub Action that creates an SBOM from your application so you can meet compliance and security requirements. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements, and has the SBOM to show it!
★25, updated 2 years ago
Alternatives and similar repositories for actions-sbom
Users that are interested in actions-sbom are comparing it to the libraries listed below
- A tool to check the security settings of GitHub Organizations. (★72, updated 2 years ago)
- STRIDE vs. ASVS equivalence table (★77, updated last year)
- Tools that checks for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts (★61, updated 2 years ago)
- A security tool designed to help review merged code changes to open source maintained repositories via LLM assisted review to safeguard a… (★31, updated last year)
- HashiCorp-relevant rules for the Semgrep code analysis tool (★42, updated 2 years ago)
- Scans every git push to your GitHub organisations to find unwanted secrets. (★87, updated 6 months ago)
- Compares and analyzes GCP IAM roles. (★77, updated 8 months ago)
- (★114, updated 3 months ago)
- Clean accounts over permissions in GCP infra at scale (★71, updated 2 years ago)
- (★127, updated 2 weeks ago)
- The security workflow engine! (★129, updated last month)
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system. (★177, updated 11 months ago)
- (★56, updated last week)
- Protect against subdomain takeover (★94, updated 3 months ago)
- SecureMCP is a security auditing tool designed to detect vulnerabilities and misconfigurations in applications using the [Model Context P… (★133, updated 5 months ago)
- (★114, updated 2 years ago)
- (★10, updated 3 years ago)
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … (★67, updated 4 months ago)
- A small tool to help developers understand a huge set of security requirements from appsec teams (★47, updated 3 years ago)
- Script to audit GitHub Action Workflow files for potential vulnerabilities. (★156, updated last year)
- Scans your GitHub Actions for security issues (★86, updated this week)
- DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack. (★40, updated 3 years ago)
- Examples on how to maintain security/compliance as code and to automate SecOps using the JupiterOne platform. (★54, updated last year)
- (★72, updated 3 weeks ago)
- Convert CloudTrail data to MITRE ATT&CK Sightings (★81, updated 3 years ago)
- The Security Champion Framework provides both a measuring stick and a roadmap generator for Champion Programs. (★111, updated last year)
- GCP CSPM using Google Sheets (★37, updated 7 months ago)
- ## Auto-archived due to inactivity. ## Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Securit… (★36, updated last year)
- A project to visualize the software supply chain (★54, updated 2 years ago)
- KaiMonkey provides vulnerable infrastructure as code (IaC) to help explore and understand common cloud security threats exposed via IaC. (★105, updated last year)