SecureStackCo / actions-sbom
A GitHub Action that creates an SBOM from your application so you can meet compliance and security requirements. Add it to your dev, staging and prod steps, and SecureStack will check that what you've just deployed is secure, meets your requirements, and has the SBOM to show it.
☆25Updated last year
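An SBOM is only useful if something consumes it. The following is an added example, not code from actions-sbom or SecureStack, of the kind of policy gate a pipeline step would run over the SBOM such an action produces: it assumes the document is CycloneDX JSON, uses a constructed sample SBOM (`SAMPLE_SBOM`, not from any real build) and a hypothetical license denylist (`DENIED_LICENSES`), and returns the list of violations so a CI job can fail on a non-empty result.

```python
"""Policy check over a CycloneDX JSON SBOM (example code, not part of actions-sbom)."""
import json
import sys
from typing import Dict, List

# Constructed sample SBOM in CycloneDX 1.4 JSON; not produced by any real build.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "components": [
        {"type": "library", "name": "express", "version": "4.18.2",
         "purl": "pkg:npm/express@4.18.2",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0",
         "licenses": []},
        {"type": "library", "name": "gpl-thing", "version": "2.0.0",
         "purl": "pkg:npm/gpl-thing@2.0.0",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    ],
})

# Hypothetical policy: SPDX license identifiers this team refuses to ship.
DENIED_LICENSES = {"GPL-3.0-only", "AGPL-3.0-only"}


def component_licenses(component: Dict) -> List[str]:
    """Collect declared license ids (or names) for one CycloneDX component."""
    ids = []
    for entry in component.get("licenses", []):
        lic = entry.get("license", {})
        ids.append(lic.get("id") or lic.get("name") or "")
    return [i for i in ids if i]


def check_sbom(sbom_json: str) -> List[str]:
    """Return policy violations for the SBOM; an empty list means it passes."""
    sbom = json.loads(sbom_json)
    violations: List[str] = []
    if sbom.get("bomFormat") != "CycloneDX":
        violations.append("not a CycloneDX document")
        return violations
    for comp in sbom.get("components", []):
        ident = comp.get("purl") or f"{comp.get('name')}@{comp.get('version')}"
        # Without a purl the component cannot be matched against advisory feeds.
        if not comp.get("purl"):
            violations.append(f"{ident}: missing purl")
        lics = component_licenses(comp)
        if not lics:
            violations.append(f"{ident}: no license declared")
        for lic in lics:
            if lic in DENIED_LICENSES:
                violations.append(f"{ident}: denied license {lic}")
    return violations


if __name__ == "__main__":
    # Exit non-zero on any violation so a CI step fails the deployment.
    problems = check_sbom(SAMPLE_SBOM)
    for p in problems:
        print(p)
    sys.exit(1 if problems else 0)
```

Run it as a step after the SBOM is generated and point it at the real file instead of `SAMPLE_SBOM`; the missing-purl check matters because vulnerability matching downstream keys on the package URL, not the display name.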
Alternatives and similar repositories for actions-sbom:
Users who are interested in actions-sbom are comparing it to the repositories listed below
- Tools that check for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts☆61Updated last year
- SecureStack Application Bill of Materials (ABOM/SBOM)☆13Updated 2 years ago
- ☆110Updated last year
- 🖇️ STRIDE vs. ASVS equivalence table☆76Updated 7 months ago
- HashiCorp-relevant rules for the Semgrep code analysis tool☆39Updated last year
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.☆40Updated last year
- ☆12Updated 5 months ago
- A security tool designed to help review merged code changes to open source maintained repositories via LLM assisted review to safeguard a…☆30Updated 5 months ago
- ☆163Updated 7 months ago
- Nextdoor's Cloud Security Posture Management (CSPM) Evaluation Matrix☆58Updated last year
- A project to visualize the software supply chain☆45Updated last year
- A GitHub Action that scans your public web applications for log4j vulnerabilities after every deployment. Add this to your dev, staging a…☆15Updated 3 years ago
- Security tool against dependency typosquatting attacks☆39Updated last week
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. …☆62Updated 9 months ago
- Independently deploy customized honeyservices in AWS to trigger alerts on unauthorized access. It utilizes a dedicated CloudTrail for pre…☆51Updated 4 months ago
- A public cloud security knowledgebase - https://www.secwiki.cloud/☆51Updated 4 months ago
- Convert cloudtrail data to MITRE ATT&CK Sightings☆79Updated 2 years ago
- A tool to check the security settings of Github Organizations.☆71Updated last year
- WAF bypass PoC☆47Updated last year
- Protect against subdomain takeover☆93Updated 10 months ago
- ☆10Updated 2 years ago
- An open-source collection of API key rotation tutorials.☆70Updated 3 weeks ago
- A Risk-Based Prioritization Taxonomy for prioritizing CVEs (Common Vulnerabilities and Exposures).☆73Updated 11 months ago
- Semgrep-based Policy Controller for Kubernetes☆47Updated this week
- A GitHub Action that scans your public web applications after every deployment. Add this to your dev, staging and prod steps and SecureS…☆24Updated last year
- GHAST (GitHub Actions Static Analysis Tool) is a tool to analyze the security posture of your GitHub Actions and its surrounding environm…☆17Updated last year
- ☆45Updated 9 months ago
- ☆112Updated 3 months ago
- Semgrep rules corresponding to the OWASP ASVS standard☆27Updated 4 years ago
- A tool for preventing the installation of malicious PyPI and npm packages☆133Updated last week