ShiftLeftSecurity / scan-action
☆52Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for scan-action
- GitHub Secret Scanning Auto Remediator (GSSAR)☆44Updated last year
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…☆32Updated 2 years ago
- ☆67Updated last month
- Publishes BOMs to Dependency-Track from GitHub Actions☆47Updated last month
- Sysdig Terraform provider. Allow to handle Sysdig Secure policies as code.☆49Updated this week
- Github Action implementation of SLSA Provenance Generation☆47Updated this week
- A tool to check the security settings of Github Organizations.☆69Updated last year
- This project is deprecated. Use https://github.com/returntocorp/semgrep instead☆73Updated 7 months ago
- GitHub Advance Security Compliance Action☆132Updated last year
- Generate a score for your sbom to understand if it will actually be useful.☆221Updated 2 months ago
- GitHub Advanced Security Policy as Code☆72Updated this week
- Scan repository for secrets with basic defaults in place for easy setup.☆21Updated this week
- Examples of using Snyk's SBOM APIs.☆16Updated 2 years ago
- GitHub Action for creating software bill of materials using Syft.☆165Updated last week
- StartLeft is an automation tool for generating Threat Models written in the Open Threat Model (OTM) format from a variety of different so…☆48Updated last week
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Updated this week
- ☆78Updated 6 months ago
- Proof-of-concept SLSA provenance generator for GitHub Actions☆99Updated 2 years ago
- A GitHub action for organizations that enables advanced security code scanning on all new repos☆37Updated 9 months ago
- Security scanning & static analysis tool☆93Updated 3 weeks ago
- Sharing software supply chain security open source projects☆39Updated last year
- Enrich SBOMs with data from third party services☆113Updated last week
- Static analysis for CloudFormation templates to identify common misconfiguration☆58Updated 2 years ago
- Sample GitHub App which monitors and enforces rules for code scanning, Dependabot, and secret scanning alerts☆20Updated last week
- Tool for collecting vulnerability data from various sources (used to build the grype database)☆75Updated this week
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆61Updated last year
- A tool to create, transform and attest VEX metadata☆116Updated this week
- Action to detect if a secret is initially detected in a pull request☆12Updated this week
- Utility that provides an API and CLI to identify licenses and legal terms☆43Updated 4 months ago
- A tool that aims to bulk automates the enablement of GitHub Code Scanning, Secret Scanning and Dependabot across multiple repositories.☆152Updated 4 months ago