SecureStackCo / actions-sbom
A GitHub Action that creates an SBOM from your application so you can meet compliance and security requirements. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements, and has the SBOM to show it!
☆25 · Updated last year
Alternatives and similar repositories for actions-sbom:
Users who are interested in actions-sbom are comparing it to the libraries listed below
- SecureStack Application Bill of Materials (ABOM/SBOM) ☆13 · Updated 2 years ago
- Tool that checks for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts ☆60 · Updated last year
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ☆40 · Updated last year
- A GitHub Action that scans your public web applications for log4j vulnerabilities after every deployment. Add this to your dev, staging a… ☆15 · Updated 2 years ago
- Clean accounts over permissions in GCP infra at scale ☆71 · Updated last year
- Nextdoor's Cloud Security Posture Management (CSPM) Evaluation Matrix ☆58 · Updated last year
- All of our GitHub Actions rolled into one. Or as we like to say: One GitHub Action to rule them all! ☆21 · Updated last year
- A catalog of services that can be publicly exposed within different cloud providers. ☆14 · Updated 6 months ago
- A tool for preventing the installation of malicious PyPI and npm packages ☆126 · Updated this week
- 🖇️ STRIDE vs. ASVS equivalence table ☆75 · Updated 6 months ago
- HashiCorp-relevant rules for the Semgrep code analysis tool ☆39 · Updated last year
- Convert CloudTrail data to MITRE ATT&CK Sightings ☆79 · Updated 2 years ago
- Semgrep-based Policy Controller for Kubernetes ☆47 · Updated this week
- boostsecurityio/lotp ☆112 · Updated this week
- Protect against subdomain takeover ☆93 · Updated 9 months ago
- Security tool against dependency typosquatting attacks ☆39 · Updated this week
- Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management. ☆30 · Updated 4 months ago
- Enriching the NVD CVSS scores to include Temporal & Threat Metrics ☆110 · Updated this week
- A tool to check the security settings of GitHub Organizations. ☆71 · Updated last year
- Semgrep rules corresponding to the OWASP ASVS standard ☆27 · Updated 4 years ago
- A project to visualize the software supply chain ☆39 · Updated last year
- GHAST (GitHub Actions Static Analysis Tool) is a tool to analyze the security posture of your GitHub Actions and its surrounding environm… ☆17 · Updated last year
- A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w… ☆103 · Updated 3 months ago
- Simple plug-and-play GitHub Action to block unauthorized outbound traffic (egress) in your GitHub workflows ☆82 · Updated this week