aboutcode-org / scancode-action
Run ScanCode.io pipelines from your Workflows
☆11 Updated last month
Alternatives and similar repositories for scancode-action
Users that are interested in scancode-action are comparing it to the libraries listed below
- GitHub Action to enable automated security updates and open an issue/PR in repos in an org that have dependency files but no dependabot.ya… ☆213 Updated this week
- Official GitHub Action for OpenSSF Scorecard. ☆338 Updated last week
- Publishes BOMs to Dependency-Track from GitHub Actions ☆55 Updated last year
- Tool to export test reports from the Snyk CLI to HTML. ☆100 Updated last week
- Creates CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects ☆134 Updated this week
- Anchore container analysis and scan provided as a GitHub Action ☆255 Updated this week
- ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored… ☆150 Updated this week
- Orchestrate GitHub Actions Security ☆297 Updated 2 months ago
- A GitHub Action for running the ZAP Baseline scan ☆340 Updated 3 months ago
- A BOM repository server for distributing CycloneDX BOMs ☆82 Updated 3 months ago
- Examples of SPDX files for software combinations ☆136 Updated 4 months ago
- GitHub Action to generate BoM and upload to OWASP dependency track for vulnerability analysis ☆48 Updated last year
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc… ☆129 Updated 9 months ago
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions. ☆416 Updated this week
- Enrich SBOMs with data from third party services ☆196 Updated last month
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption ☆104 Updated last week
- Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulner… ☆52 Updated this week
- JavaScript code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oas… ☆29 Updated last year
- Create CycloneDX Software Bill of Materials (SBOM) from Node.js NPM projects. ☆105 Updated this week
- Python implementation of OWASP CycloneDX ☆88 Updated last week
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts ☆38 Updated 5 months ago
- ☆15 Updated 2 years ago
- Run multiple open source security static analysis tools without the added complexity with OSSAR (Open Source Static Analysis Runner). ☆96 Updated last year
- A Python library to parse, validate and create SPDX documents. ☆227 Updated 3 months ago
- GitHub actions of KICS scan - Keeping Infrastructure as Code Secure ☆52 Updated 3 weeks ago
- Proof-of-concept SLSA provenance generator for GitHub Actions ☆100 Updated 2 years ago
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio… ☆432 Updated last week
- Generate SBOMs with gh CLI ☆193 Updated 4 months ago
- Machine-readable specification for the attestation of security-relevant data. ☆63 Updated last month
- A license scanner for container images and filesystems. ☆110 Updated last week