SecureStackCo / actions-sbom
A GitHub Action that creates a SBOM from your application so you can meet compliance and security requirements. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements, and has the SBOM to show it!
☆25 · Updated 2 years ago
Alternatives and similar repositories for actions-sbom
Users that are interested in actions-sbom are comparing it to the libraries listed below
- A tool to check the security settings of GitHub Organizations. ☆75 · Updated 2 years ago
- Tool that checks for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts ☆61 · Updated 2 years ago
- Clean accounts over permissions in GCP infra at scale ☆71 · Updated 2 years ago
- Compares and analyzes GCP IAM roles. ☆78 · Updated 10 months ago
- HashiCorp-relevant rules for the Semgrep code analysis tool ☆41 · Updated 2 years ago
- 🖇️ Equivalence table between OWASP ASVS standard and STRIDE threat modeling methodology. ☆76 · Updated last year
- Scans every git push to your GitHub organisations to find unwanted secrets. ☆87 · Updated 8 months ago
- Protect against subdomain takeover ☆95 · Updated 6 months ago
- Script to audit GitHub Action Workflow files for potential vulnerabilities. ☆155 · Updated last year
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system. ☆177 · Updated last month
- A project to visualize the software supply chain ☆57 · Updated 2 years ago
- Convert CloudTrail data to MITRE ATT&CK Sightings ☆82 · Updated 3 years ago
- SecureMCP is a security auditing tool designed to detect vulnerabilities and misconfigurations in applications using the [Model Context P… ☆137 · Updated 7 months ago
- 💅🏽 Analyzes your GitHub Actions ☆97 · Updated 2 weeks ago
- A security tool designed to help review merged code changes to open source maintained repositories via LLM assisted review to safeguard a… ☆32 · Updated last year
- Semgrep-based Policy Controller for Kubernetes ☆47 · Updated 9 months ago
- A small tool to help developers understand a huge set of security requirements from appsec teams ☆47 · Updated 3 years ago
- ## Auto-archived due to inactivity. ## Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Securit… ☆37 · Updated last year
- PII detection platform, leveraging human-in-the-loop AI ☆53 · Updated last year
- sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports. ☆81 · Updated 4 years ago
- A security tool that detects malicious packages from external vulnerability feeds and searches for them in your package registries or art… ☆70 · Updated last month
- The security workflow engine! ☆135 · Updated 2 months ago
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝 ☆140 · Updated 2 months ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ☆68 · Updated 6 months ago
- A tool to uncover undocumented APIs from the AWS Console. ☆116 · Updated 8 months ago