ShiftLeftSecurity / scan-actionLinks
☆53Updated 3 years ago
Alternatives and similar repositories for scan-action
Users that are interested in scan-action are comparing it to the libraries listed below
Sorting:
- Github Action implementation of SLSA Provenance Generation☆49Updated last week
- Generate a score for your sbom to understand if it will actually be useful.☆231Updated 11 months ago
- GitHub Action for creating software bill of materials using Syft.☆196Updated last week
- CLI for searching Rego policies☆105Updated 3 years ago
- Sets up Open Policy Agent CLI in your GitHub Actions workflow.☆51Updated last year
- Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec☆113Updated 10 months ago
- A tool to create, transform and attest VEX metadata☆151Updated this week
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…☆33Updated 2 years ago
- Proof-of-concept SLSA provenance generator for GitHub Actions☆100Updated 2 years ago
- A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.☆193Updated last year
- Securing Alice's, Bob's and Carl's software supply chain using in-toto☆94Updated this week
- Publishes BOMs to Dependency-Track from GitHub Actions☆55Updated 10 months ago
- Security configuration checks for popular cloud native applications and infrastructure.☆119Updated 3 years ago
- A Github Action to automatically update digests for container images.☆68Updated 2 months ago
- Enrich SBOMs with data from third party services☆183Updated this week
- Trivy's misconfiguration scanning engine☆218Updated 6 months ago
- Rego policies for enterprise-scale Compliance-as-Code with OPA Conftest.☆58Updated last year
- Pre-commit git hooks for Open Policy Agent (OPA) and Rego development☆66Updated last month
- Git action to generate security lint report for Kubernetes workload YAML files on PR☆28Updated 3 years ago
- A tool to check the security settings of Github Organizations.☆72Updated 2 years ago
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…☆11Updated 2 weeks ago
- A GitHub action to help you scan your docker image for vulnerabilities☆221Updated 2 years ago
- Sysdig Terraform provider. Allow to handle Sysdig Secure policies as code.☆53Updated last week
- SBOM Edit - Conditional edits and merging of SBOMs☆74Updated last week
- Assumes roles in AWS that have useful role session tags☆41Updated last year
- Github action to run dependency check☆82Updated 2 months ago
- Anchore container analysis and scan provided as a GitHub Action☆250Updated this week
- vexctl is a tool to attest VEX impact statements☆45Updated 2 years ago
- SBOM Assess - Evaluate SBOM quality and compliance☆221Updated last week
- Kubernetes Common Configuration Scoring System☆123Updated 3 years ago