SecureStackCo / actions-sbom
A GitHub Action that creates a SBOM from your application so you can meet compliance and security requirements. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements, and has the SBOM to show it!
☆25 Updated last year
Related projects
Alternatives and complementary repositories for actions-sbom
- Tools that check for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts ☆57 Updated last year
- All of our GitHub Actions rolled into one. Or as we like to say: One GitHub Action to rule them all! ☆21 Updated last year
- 🖇️ STRIDE vs. ASVS equivalence table ☆75 Updated 2 months ago
- Enriching the NVD CVSS scores to include Temporal & Threat Metrics ☆61 Updated this week
- SecureStack Application Bill of Materials (ABOM/SBOM) ☆13 Updated 2 years ago
- The security workflow engine! ☆73 Updated this week
- AI featured threat modeling and security review action ☆40 Updated this week
- Convert CloudTrail data to MITRE ATT&CK Sightings ☆79 Updated 2 years ago
- WAF bypass PoC ☆43 Updated last year
- Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management. ☆30 Updated last month
- Damn Vulnerable SCA Application ☆15 Updated last month
- Clean accounts over permissions in GCP infra at scale ☆71 Updated last year
- Semgrep rules corresponding to the OWASP ASVS standard ☆27 Updated 4 years ago
- A small tool to help developers understand a huge set of security requirements from appsec teams ☆45 Updated 2 years ago
- A public cloud security knowledgebase - https://www.secwiki.cloud/ ☆49 Updated last week
- GCP GOAT is a vulnerable application for learning GCP security ☆62 Updated last year
- GHAST (GitHub Actions Static Analysis Tool) is a tool to analyze the security posture of your GitHub Actions and its surrounding environm… ☆17 Updated last year
- OWASP Foundation Web Repository ☆37 Updated 2 months ago
- A GitHub Action for using SecureStack to analyse a repository codebase for vulnerabilities in library dependencies (software composition … ☆21 Updated 2 years ago
- https://breaches.cloud ☆36 Updated last month
- InfoSec OpenAI Examples ☆19 Updated 11 months ago
- Compares and analyzes GCP IAM roles. ☆76 Updated 5 months ago
- This tool analyzes a given GitLab repository and searches for dangling or force-pushed commits containing potential secret or interesting… ☆39 Updated 3 months ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ☆39 Updated 11 months ago
- A GitHub Action that scans your public web applications for log4j vulnerabilities after every deployment. Add this to your dev, staging a… ☆15 Updated 2 years ago
- LLM Testing Findings Templates ☆65 Updated 9 months ago