SecureStackCo / actions-sbom
A GitHub Action that creates a SBOM from your application so you can meet compliance and security requirements. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements, and has the SBOM to show it!
☆24 · Updated 2 years ago
Alternatives and similar repositories for actions-sbom
Users that are interested in actions-sbom are comparing it to the libraries listed below
- SecureStack Application Bill of Materials (ABOM/SBOM) ☆13 · Updated 2 years ago
- Tools that check for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts ☆61 · Updated 2 years ago
- Semgrep rules corresponding to the OWASP ASVS standard ☆27 · Updated 4 years ago
- HashiCorp-relevant rules for the Semgrep code analysis tool ☆41 · Updated last year
- 🖇️ STRIDE vs. ASVS equivalence table ☆76 · Updated 10 months ago
- ☆10 · Updated 3 years ago
- A GitHub Action that scans your public web applications after every deployment. Add this to your dev, staging and prod steps and SecureS… ☆24 · Updated 2 years ago
- Scans your GitHub Actions for security issues ☆74 · Updated last week
- A catalog of services that can be publicly exposed within different cloud providers. ☆14 · Updated 9 months ago
- Clean accounts over permissions in GCP infra at scale ☆71 · Updated 2 years ago
- ☆113 · Updated last week
- A GitHub Action that scans your public web applications for log4j vulnerabilities after every deployment. Add this to your dev, staging a… ☆15 · Updated 3 years ago
- ☆54 · Updated last week
- A tool to check the security settings of GitHub Organizations. ☆71 · Updated 2 years ago
- All of our GitHub Actions rolled into one. Or as we like to say: One GitHub Action to rule them all! ☆21 · Updated 2 years ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ☆41 · Updated last year
- A GitHub Action for using SecureStack to analyse a repository codebase for vulnerabilities in library dependencies (software composition … ☆22 · Updated 3 years ago
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU) vulnerabilities ☆23 · Updated last month
- DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack. ☆38 · Updated 3 years ago
- Protect against subdomain takeover ☆92 · Updated last year
- ☆69 · Updated 2 weeks ago
- Compares and analyzes GCP IAM roles. ☆77 · Updated 3 months ago
- AI featured threat modeling and security review action ☆44 · Updated 7 months ago
- A security tool designed to help review merged code changes to open source maintained repositories via LLM assisted review to safeguard a… ☆30 · Updated 8 months ago
- Semgrep-based Policy Controller for Kubernetes ☆47 · Updated 2 months ago
- Convert CloudTrail data to MITRE ATT&CK Sightings ☆80 · Updated 2 years ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ☆65 · Updated last year
- A framework for understanding the capabilities of automated detection methods at identifying classes of application security vulnerabilit… ☆15 · Updated 3 weeks ago
- TrailAlerts is an AWS-native, serverless cloud-detection tool that lets you define simple rules as code and get rich alerts about events i… ☆44 · Updated last month
- ☆111 · Updated 2 years ago