SecureStackCo / actions-sbom
A GitHub Action that creates a SBOM from your application so you can meet compliance and security requirements. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements, and has the SBOM to show it!
★25 · Updated 2 years ago
Alternatives and similar repositories for actions-sbom
Users that are interested in actions-sbom are comparing it to the libraries listed below
- A tool to check the security settings of GitHub Organizations. ★72 · Updated 2 years ago
- Equivalence table between OWASP ASVS standard and STRIDE threat modeling methodology. ★77 · Updated last year
- Tools that check for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts ★61 · Updated 2 years ago
- Clean accounts over permissions in GCP infra at scale ★71 · Updated 2 years ago
- ★131 · Updated last month
- HashiCorp-relevant rules for the Semgrep code analysis tool ★41 · Updated 2 years ago
- Scans every git push to your GitHub organisations to find unwanted secrets. ★87 · Updated 7 months ago
- Compares and analyzes GCP IAM roles. ★77 · Updated 8 months ago
- ★74 · Updated last month
- Semgrep-based Policy Controller for Kubernetes ★47 · Updated 8 months ago
- SecureMCP is a security auditing tool designed to detect vulnerabilities and misconfigurations in applications using the [Model Context P… ★132 · Updated 6 months ago
- An open-source collection of API key rotation tutorials. ★75 · Updated 3 months ago
- ★114 · Updated 2 years ago
- ★57 · Updated last week
- Protect against subdomain takeover ★94 · Updated 4 months ago
- ★114 · Updated 3 months ago
- The security workflow engine! ★134 · Updated 2 weeks ago
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system. ★177 · Updated last year
- Scans your GitHub Actions for security issues ★87 · Updated 3 weeks ago
- Analyzes your GitHub Actions ★97 · Updated 2 months ago
- Auto-archived due to inactivity. Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Securit… ★37 · Updated last year
- AI featured threat modeling and security review action ★45 · Updated last year
- Simple plug-and-play GitHub Action to block unauthorized outbound traffic (egress) in your GitHub workflows ★114 · Updated this week
- Convert CloudTrail data to MITRE ATT&CK Sightings ★81 · Updated 3 years ago
- Script to audit GitHub Action Workflow files for potential vulnerabilities. ★156 · Updated last year
- A security tool designed to help review merged code changes to open source maintained repositories via LLM assisted review to safeguard a… ★31 · Updated last year
- GCP CSPM using Google Sheets ★37 · Updated 8 months ago
- A CLI that scans for sensitive data in source code ★14 · Updated 2 years ago
- A recon tool for GCP Service Account Keys that requires no permissions ★25 · Updated 7 months ago
- Supply-Chain Firewall (SCFW) is a tool for preventing the installation of malicious npm and PyPI packages ★206 · Updated this week