SecureStackCo / actions-sbom
A GitHub Action that creates an SBOM from your application so you can meet compliance and security requirements. Add it to your dev, staging and prod pipeline steps and SecureStack will check that what you've just deployed is secure, meets your requirements, and has the SBOM to prove it.
★ 24 · Updated last year
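The description above talks about producing an SBOM in CI and gating a deploy on it. The following is an added example, not code from the SecureStack action or any project on this page: it builds a minimal CycloneDX 1.4 JSON document from a constructed dependency list and runs the kind of sanity checks a deploy step could fail on (missing application metadata, components without a version or purl, duplicate entries). The dependency list, application name and version are made up for the example; scoped or namespaced package names are deliberately left out, since purl requires extra encoding for those.

```python
"""
Added example (not SecureStack's action code): build a minimal CycloneDX 1.4
JSON SBOM from a dependency list and run the checks a deploy gate might use.
The dependency list below is constructed for the example.
"""
import json
import uuid
from datetime import datetime, timezone

# Constructed sample input: (package name, version, package ecosystem)
SAMPLE_DEPENDENCIES = [
    ("requests", "2.31.0", "pypi"),
    ("urllib3", "2.0.7", "pypi"),
    ("lodash", "4.17.21", "npm"),
]


def make_purl(ecosystem, name, version):
    """Package URL per the purl spec: pkg:<type>/<name>@<version>.
    Names containing '/' or '@' (e.g. npm scoped packages) need namespace
    handling and percent-encoding, which this example does not cover."""
    return f"pkg:{ecosystem}/{name}@{version}"


def build_sbom(dependencies, app_name="example-app", app_version="1.0.0"):
    """Return a CycloneDX 1.4 JSON document (as a dict) for the dependencies.
    app_name/app_version are hypothetical values for the example."""
    components = [
        {
            "type": "library",
            "name": name,
            "version": version,
            "purl": make_purl(eco, name, version),
        }
        for name, version, eco in dependencies
    ]
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "serialNumber": f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "metadata": {
            "timestamp": datetime.now(timezone.utc).isoformat(),
            # The thing the SBOM describes: the application being deployed
            "component": {"type": "application", "name": app_name, "version": app_version},
        },
        "components": components,
    }


def check_sbom(sbom):
    """Return a list of problems; an empty list means the SBOM passes the gate."""
    problems = []
    if sbom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not CycloneDX")
    if "component" not in sbom.get("metadata", {}):
        problems.append("metadata.component (the application itself) is missing")
    seen = set()
    for comp in sbom.get("components", []):
        label = comp.get("name") or "?"
        for field in ("name", "version", "purl"):
            if not comp.get(field):
                problems.append(f"component {label} lacks {field}")
        purl = comp.get("purl")
        if purl and purl in seen:
            problems.append(f"duplicate component {purl}")
        if purl:
            seen.add(purl)
    return problems


if __name__ == "__main__":
    sbom = build_sbom(SAMPLE_DEPENDENCIES)
    print(json.dumps(sbom, indent=2))
    issues = check_sbom(sbom)
    print("gate:", "PASS" if not issues else "FAIL " + "; ".join(issues))
```

Running the script prints the generated SBOM and a PASS/FAIL line; in a pipeline the `check_sbom` result would be the exit status of the gating step, and the JSON would be attached to the build as the deploy artifact.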
Alternatives and similar repositories for actions-sbom
Users interested in actions-sbom are comparing it to the repositories listed below.
- STRIDE vs. ASVS equivalence table · ★ 76 · Updated 9 months ago
- Tool that checks for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts · ★ 61 · Updated 2 years ago
- HashiCorp-relevant rules for the Semgrep code analysis tool · ★ 41 · Updated last year
- Simple command-line tool to enumerate Slack workspace names from Slack webhook URLs · ★ 41 · Updated last year
- Clean accounts over permissions in GCP infra at scale · ★ 71 · Updated 2 years ago
- A project to visualize the software supply chain · ★ 52 · Updated last year
- Protect against subdomain takeover · ★ 92 · Updated last year
- Compares and analyzes GCP IAM roles · ★ 77 · Updated 2 months ago
- Nextdoor's Cloud Security Posture Management (CSPM) Evaluation Matrix · ★ 58 · Updated last year
- SecureStack Application Bill of Materials (ABOM/SBOM) · ★ 13 · Updated 2 years ago
- A security tool designed to help review merged code changes to open source maintained repositories via LLM-assisted review to safeguard a… · ★ 30 · Updated 7 months ago
- A meta-database collecting resources that compile lists of breaches · ★ 20 · Updated 7 months ago
- TrailAlerts is an AWS-native, serverless cloud-detection tool that lets you define simple rules as code and get rich alerts about events i… · ★ 41 · Updated last month
- Maturity Model Collaborative project · ★ 15 · Updated 2 years ago
- Threat Modeling Manifesto · ★ 28 · Updated 10 months ago
- Semgrep rules corresponding to the OWASP ASVS standard · ★ 27 · Updated 4 years ago
- DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack · ★ 38 · Updated 3 years ago
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU) vulnerabilities · ★ 23 · Updated last month
- A CLI that scans for sensitive data in source code · ★ 14 · Updated 2 years ago
- A public cloud security knowledgebase - https://www.secwiki.cloud/ · ★ 51 · Updated 6 months ago
- Convert CloudTrail data to MITRE ATT&CK Sightings · ★ 80 · Updated 2 years ago
- Scans every git push to your GitHub organisations to find unwanted secrets · ★ 87 · Updated last month
- Easy-to-use Threat Modeling-as-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … · ★ 65 · Updated 11 months ago
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM · ★ 39 · Updated 5 months ago