SecureStackCo / actions-sbom
A GitHub Action that creates a SBOM from your application so you can meet compliance and security requirements. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements, and has the SBOM to show it!
☆25 · Updated last year
Alternatives and similar repositories for actions-sbom:
Users interested in actions-sbom are comparing it to the repositories listed below.
- All of our GitHub Actions rolled into one. Or as we like to say: One GitHub Action to rule them all! ☆21 · Updated last year
- SecureStack Application Bill of Materials (ABOM/SBOM) ☆13 · Updated 2 years ago
- Tool that checks for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts ☆60 · Updated last year
- Simple command-line tool to enumerate Slack workspace names from Slack webhook URLs. ☆39 · Updated last year
- 🖇️ STRIDE vs. ASVS equivalence table ☆75 · Updated 5 months ago
- A catalog of services that can be publicly exposed within different cloud providers. ☆13 · Updated 5 months ago
- A GitHub Action for using SecureStack to analyse a repository codebase for vulnerabilities in library dependencies (software composition … ☆22 · Updated 2 years ago
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU) vulnerabilities ☆22 · Updated 7 months ago
- A GitHub Action that scans your public web applications for log4j vulnerabilities after every deployment. Add this to your dev, staging a… ☆15 · Updated 2 years ago
- WAF bypass PoC ☆46 · Updated last year
- HashiCorp-relevant rules for the Semgrep code analysis tool ☆39 · Updated last year
- Semgrep-based Policy Controller for Kubernetes ☆45 · Updated this week
- boostsecurityio/lotp ☆111 · Updated last month
- Protect against subdomain takeover ☆92 · Updated 8 months ago
- A GitHub Action that scans your public web applications after every deployment. Add this to your dev, staging and prod steps and SecureS… ☆24 · Updated last year
- A powerful tool that leverages AI to automatically generate comprehensive security documentation for your projects ☆25 · Updated this week
- Semgrep rules corresponding to the OWASP ASVS standard ☆27 · Updated 4 years ago
- Clean accounts over permissions in GCP infra at scale ☆71 · Updated last year
- Easy-to-use Threat-Modeling-as-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ☆61 · Updated 7 months ago
- Enriching the NVD CVSS scores to include Temporal & Threat Metrics ☆63 · Updated this week
- EZGHSA is a command-line tool for summarizing and filtering vulnerability alerts on GitHub repositories. ☆35 · Updated last month
- Convert CloudTrail data to MITRE ATT&CK Sightings ☆79 · Updated 2 years ago
- A tool to uncover undocumented APIs from the AWS Console. ☆95 · Updated 2 months ago
- This tool analyzes a given GitLab repository and searches for dangling or force-pushed commits containing potential secrets or interesting… ☆45 · Updated 5 months ago
- An open-source collection of API key rotation tutorials. ☆63 · Updated last month