SecureStackCo / actions-sbom
A GitHub Action that creates an SBOM from your application so you can meet compliance and security requirements. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements, and has the SBOM to show it!
★25 · Updated last year
Related projects
Alternatives and complementary repositories for actions-sbom
- Tools that check for misconfigured access to Github OIDC from AWS roles and GCP service accounts ★57 · Updated last year
- STRIDE vs. ASVS equivalence table ★75 · Updated 2 months ago
- The security workflow engine! ★73 · Updated this week
- ★110 · Updated last year
- Clean accounts over permissions in GCP infra at scale ★71 · Updated last year
- boostsecurityio/lotp ★100 · Updated 7 months ago
- HashiCorp-relevant rules for the Semgrep code analysis tool ★37 · Updated last year
- Enriching the NVD CVSS scores to include Temporal & Threat Metrics ★61 · Updated this week
- WAF bypass PoC ★43 · Updated last year
- ★51 · Updated 8 months ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ★39 · Updated 11 months ago
- Create notes during a security code review in VSCode. Import your favorite SAST tool findings and collaborate with others ★129 · Updated last year
- A tool to check the security settings of Github Organizations. ★69 · Updated last year
- Protect against subdomain takeover ★92 · Updated 5 months ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ★97 · Updated 9 months ago
- Script to audit GitHub Action Workflow files for potential vulnerabilities. ★150 · Updated 2 months ago
- A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w… ★84 · Updated last month
- A public cloud security knowledgebase - https://www.secwiki.cloud/ ★49 · Updated 8 months ago
- This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting… ★39 · Updated 2 months ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ★55 · Updated 4 months ago
- SecureStack Application Bill of Materials (ABOM/SBOM) ★13 · Updated 2 years ago
- Semgrep rules corresponding to the OWASP ASVS standard ★27 · Updated 4 years ago
- Independently deploy customized honeyservices in AWS to trigger alerts on unauthorized access. It utilizes a dedicated CloudTrail for pre… ★43 · Updated 6 months ago
- Nextdoor's Cloud Security Posture Management (CSPM) Evaluation Matrix ★57 · Updated last year
- ★151 · Updated 2 months ago
- ★80 · Updated this week
- ★36 · Updated 6 months ago
- ★40 · Updated 5 months ago
- ★93 · Updated this week