SecureStackCo / actions-sbom
A GitHub Action that creates an SBOM from your application so you can meet compliance and security requirements. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure, meets your requirements, and has the SBOM to show it!
☆ 25 · Updated 2 years ago
Alternatives and similar repositories for actions-sbom
Users who are interested in actions-sbom are comparing it to the repositories listed below.
- A tool to check the security settings of GitHub Organizations. (☆ 72 · Updated 2 years ago)
- Tools that check for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts. (☆ 61 · Updated 2 years ago)
- 🖇️ STRIDE vs. ASVS equivalence table. (☆ 76 · Updated last year)
- Clean accounts over permissions in GCP infra at scale. (☆ 71 · Updated 2 years ago)
- (no description) (☆ 56 · Updated last week)
- Compares and analyzes GCP IAM roles. (☆ 77 · Updated 6 months ago)
- HashiCorp-relevant rules for the Semgrep code analysis tool. (☆ 41 · Updated last year)
- Scans every git push to your GitHub organisations to find unwanted secrets. (☆ 87 · Updated 4 months ago)
- Protect against subdomain takeover. (☆ 93 · Updated 2 months ago)
- A project to visualize the software supply chain. (☆ 53 · Updated 2 years ago)
- (no description) (☆ 73 · Updated last week)
- Nextdoor's Cloud Security Posture Management (CSPM) Evaluation Matrix. (☆ 58 · Updated 2 years ago)
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … (☆ 66 · Updated 3 months ago)
- (no description) (☆ 113 · Updated 2 years ago)
- A security tool designed to help review merged code changes to open source maintained repositories via LLM assisted review to safeguard a… (☆ 31 · Updated 11 months ago)
- The security workflow engine! (☆ 119 · Updated this week)
- Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management. (☆ 32 · Updated 11 months ago)
- TrailAlerts is an AWS-native, serverless cloud-detection tool that lets you define simple rules as code and get rich alerts about events i… (☆ 48 · Updated 4 months ago)
- A tool for preventing the installation of malicious npm and PyPI packages. (☆ 162 · Updated this week)
- Script to audit GitHub Action Workflow files for potential vulnerabilities. (☆ 156 · Updated last year)
- Convert CloudTrail data to MITRE ATT&CK Sightings. (☆ 80 · Updated 3 years ago)
- (no description) (☆ 114 · Updated last month)
- (no description) (☆ 10 · Updated 3 years ago)
- Simple plug-and-play GitHub Action to block unauthorized outbound traffic (egress) in your GitHub workflows. (☆ 111 · Updated last month)
- The Open Threat Modeling Format (OTM) defines a platform-independent way to define the threat model of any system. (☆ 177 · Updated 10 months ago)
- SecureMCP is a security auditing tool designed to detect vulnerabilities and misconfigurations in applications using the [Model Context P… (☆ 133 · Updated 3 months ago)
- An open-source collection of API key rotation tutorials. (☆ 73 · Updated 3 weeks ago)
- GCP CSPM using Google Sheets. (☆ 36 · Updated 5 months ago)
- A comprehensive checklist and guide for organizations looking to implement a robust cybersecurity program. (☆ 43 · Updated 2 months ago)
- Semgrep-based Policy Controller for Kubernetes. (☆ 47 · Updated 5 months ago)