SpectralOps / preflight
preflight helps you verify scripts and executables to mitigate supply chain attacks such as the recent Codecov hack.
☆153 Updated last year
Related projects
Alternatives and complementary repositories for preflight
- Friends don't let friends leak secrets on their terminal window ☆105 Updated 3 years ago
- Allows you to manage configuration and secrets from multiple providers while masking the secrets at the deployment ☆73 Updated 2 years ago
- Evaluate source control (GitHub) security posture ☆249 Updated last year
- Generate a score for your sbom to understand if it will actually be useful. ☆221 Updated 3 months ago
- BadRobot - Operator Security Audit Tool ☆215 Updated this week
- Enrich SBOMs with data from third party services ☆117 Updated 2 weeks ago
- CNAPPgoat is an open source project designed to modularly provision vulnerable-by-design components in cloud environments. ☆266 Updated 2 months ago
- Open source compliance tool for development platforms. ☆286 Updated last year
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility ☆61 Updated last year
- Manages client side git hooks resulting in the ability to create git action pipelines. ☆76 Updated 4 months ago
- Rego policies for enterprise-scale Compliance-as-Code with OPA Conftest. ☆58 Updated last year
- An SBOM query language and associated utilities ☆54 Updated 9 months ago
- OpenVEX Specification ☆131 Updated 4 months ago
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows ☆79 Updated this week
- A tool to check the security settings of Github Organizations. ☆69 Updated last year
- Documenting your Threat Models with HCL ☆401 Updated 2 months ago
- ☆107 Updated last month
- By scanning CI/CD misconfigurations, Allero helps reduce production issues, harden your security posture and shift-left CI/CD from DevOps… ☆207 Updated last year
- A GitHub App that acts like a Security Token Service (STS) for the Github API ☆139 Updated this week
- Compares and analyzes GCP IAM roles. ☆76 Updated 5 months ago
- CLI to prevent malicious Terraform Providers from being executed. You can define the allow list of Terraform Providers and their versions… ☆76 Updated this week
- Inspect certificate authorities in container images ☆228 Updated 6 months ago
- Interrogate your GitHub resources with the help of the world's greatest detectives: Powerpipe + Steampipe + Sherlock. ☆39 Updated 3 weeks ago
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆254 Updated this week
- An open source, cloud-native security to protect everything from build to runtime ☆275 Updated this week
- Automate permissions to your cloud and critical applications. ☆238 Updated 9 months ago
- Lambda function for verifying signed images in ECS ☆33 Updated 8 months ago
- boostsecurityio/poutine ☆231 Updated this week
- AWS honey token manager ☆84 Updated 3 months ago
- This repo is a consolidation of Secure Software Supply Chain resources, such as talks, whitepapers, conferences and more. ☆137 Updated 2 years ago
- Feed parsing for language package manager updates ☆71 Updated this week