TNG / cumulus
Cumulus. Threat modeling the Clouds.
☆33 Updated 2 weeks ago
Related projects:
- Discover vulnerabilities and container image misconfiguration in production environments. ☆53 Updated 2 weeks ago
- Security scanning & static analysis tool - forked and rewritten from @thought-machine/dracon ☆70 Updated this week
- The Open Threat Modeling Format (OTM) defines a platform-independent way to define the threat model of any system. ☆165 Updated 7 months ago
- This repo is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility ☆61 Updated last year
- Enrich SBOMs with data from third-party services ☆108 Updated 3 weeks ago
- Kubernetes audit logging, when you don't control the control plane ☆64 Updated this week
- Security scanning & static analysis tool ☆92 Updated last year
- boostsecurityio/poutine ☆202 Updated this week
- This repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0. ☆24 Updated 3 years ago
- Format-agnostic SBOM tooling ☆63 Updated this week
- vexctl is a tool to attest VEX impact statements ☆44 Updated last year
- Evaluate source control (GitHub) security posture ☆248 Updated last year
- Simple plug-and-play GitHub Action to block unauthorized outbound traffic (egress) in your GitHub workflows ☆76 Updated this week
- A utility to (re-)import findings and language data into DefectDojo ☆42 Updated 6 months ago
- Tool that checks for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts ☆56 Updated last year
- BadRobot - Operator Security Audit Tool ☆214 Updated this week
- Generative and mutative fuzzer for Kubernetes admission controller chains by automatically parsing the cluster API specification. ☆71 Updated last year
- OpenVEX Specification ☆125 Updated 2 months ago
- Compares and analyzes GCP IAM roles. ☆76 Updated 3 months ago
- Publishes BOMs to Dependency-Track from GitHub Actions ☆41 Updated 3 weeks ago
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,… ☆123 Updated 7 months ago
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners" ☆64 Updated 9 months ago
- A tool to create, transform and attest VEX metadata ☆109 Updated last week
- Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management. ☆29 Updated 5 months ago
- A tool to check the security settings of GitHub Organizations. ☆68 Updated last year
- Audit Dependency-Track findings and policy violations via policy as code ☆32 Updated this week