Alternatives and similar repositories for scan-action:

Users that are interested in scan-action are comparing it to the libraries listed below

• snyk / broker
  A broker system between a public service and a private service
  ☆106Updated this week
• philips-labs / slsa-provenance-action
  Github Action implementation of SLSA Provenance Generation
  ☆47Updated this week
• VexStore / fatbom
  fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…
  ☆32Updated 2 years ago
• triat / terraform-security-scan
  Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec
  ☆112Updated 5 months ago
• advanced-security / GSSAR
  GitHub Secret Scanning Auto Remediator (GSSAR)
  ☆44Updated last year
• eBay / sbom-scorecard
  Generate a score for your sbom to understand if it will actually be useful.
  ☆226Updated 7 months ago
• GeekMasher / advanced-security-compliance
  GitHub Advance Security Compliance Action
  ☆133Updated 2 years ago
• omnibor / site
  Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.
  ☆21Updated 2 months ago
• slsa-framework / github-actions-demo
  Proof-of-concept SLSA provenance generator for GitHub Actions
  ☆99Updated 2 years ago
• anchore / sbom-action
  GitHub Action for creating software bill of materials using Syft.
  ☆176Updated last week
• sysdiglabs / terraform-provider-sysdig
  Sysdig Terraform provider. Allow to handle Sysdig Secure policies as code.
  ☆52Updated this week
• peter-murray / github-security-report-action
  ☆79Updated 11 months ago
• semgrep / semgrep-action
  This project is deprecated. Use https://github.com/returntocorp/semgrep instead
  ☆73Updated 11 months ago
• SvanBoxel / zaproxy-to-ghas
  Present ZAProxy results in GitHub Advanced Security
  ☆16Updated 10 months ago
• CycloneDX / license-scanner
  Utility that provides an API and CLI to identify licenses and legal terms
  ☆43Updated 9 months ago
• hupe1980 / cdk-threagile
  Agile Threat Modeling as Code
  ☆13Updated 2 years ago
• DependencyTrack / gh-upload-sbom
  Publishes BOMs to Dependency-Track from GitHub Actions
  ☆52Updated 5 months ago
• sysdiglabs / benchmark-dockerfile
  Github action to benchmark dockerfiles in github repository.
  ☆12Updated 2 years ago
• sysdiglabs / k8s-security-configwatch
  Git action to generate security lint report for Kubernetes workload YAML files on PR
  ☆28Updated 3 years ago
• openvex / vexctl
  A tool to create, transform and attest VEX metadata
  ☆133Updated this week
• chainguard-dev / clank
  Simple tool that allows you to detect imposter commits in GitHub Actions workflows.
  ☆23Updated 3 months ago
• crashappsec / github-analyzer
  A tool to check the security settings of Github Organizations.
  ☆71Updated last year
• owenrumney / go-sarif
  Go library for sarif - Static Analysis Results Interchange Format
  ☆72Updated last week
• sysdiglabs / scan-action
  Inline Image Scan Github Action
  ☆30Updated last month
• github / ghas-jira-integration
  Synchronize GitHub Code Scanning alerts to Jira issues
  ☆84Updated last month
• in-toto / attestation-verifier
  Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts
  ☆16Updated this week
• reviewdog / action-tfsec
  Run tfsec with reviewdog on pull requests to enforce security best practices
  ☆74Updated this week
• aquasecurity / cfsec
  Static analysis for CloudFormation templates to identify common misconfiguration
  ☆57Updated 3 years ago
• slsa-framework / slsa-github-generator-go
  ☆56Updated 2 years ago
• open-policy-agent / setup-opa
  Sets up Open Policy Agent CLI in your GitHub Actions workflow.
  ☆48Updated last year