anchore / cve-data-enrichment
☆14Updated this week
Alternatives and similar repositories for cve-data-enrichment:
Users that are interested in cve-data-enrichment are comparing it to the libraries listed below
- ☆47Updated this week
- Compare vulnerability scanners results (to make them better!)☆16Updated this week
- Automate vulnerability triage which prioritizes remediation over discovery☆16Updated this week
- Library to ingest and generate VEX documents☆15Updated 2 months ago
- Tool for collecting vulnerability data from various sources (used to build the grype database)☆94Updated this week
- A standard API specification for exchanging supply chain artifacts and intelligence☆78Updated last week
- ☆48Updated this week
- CVE.ICU code.☆41Updated this week
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form.☆21Updated last year
- A Golang library for interacting with the EPSS (Exploit Prediction Scoring System).☆28Updated 2 months ago
- Labeled vulnerability-package match pairs used as ground truth to evaluate vulnerability scanners☆11Updated last month
- PURL to CPE Relationship mapping project.☆87Updated this week
- Sharing software supply chain security open source projects☆49Updated 2 years ago
- A place to systematically store software bill of materials (SBOM) documents.☆46Updated last year
- Global Security Database Tools☆42Updated last year
- sbomify is an SBOM management platform.☆24Updated this week
- A meta-database collecting resources that compile lists of breaches☆18Updated 5 months ago
- SBOM Grep - search through SBOMs☆25Updated 2 months ago
- Takes a software bill of materials and outputs provenance, and activity data from trustypkg.dev☆11Updated 6 months ago
- A tool to check the security settings of Github Organizations.☆71Updated last year
- A place for the InfoSec community to share and celebrate real stories of organizations successfully using SBOMs (and other bills of mater…☆42Updated last year
- Check SPDX SBOM for NTIA minimum elements☆61Updated 3 weeks ago
- Static analysis for CloudFormation templates to identify common misconfiguration☆57Updated 3 years ago
- Modron - Cloud security compliance☆33Updated 4 months ago
- vexctl is a tool to attest VEX impact statements☆44Updated 2 years ago
- CVSS v4.0 calculator☆29Updated 8 months ago
- Global Security Database Project☆28Updated 2 years ago
- Scan GitHub Actions Workflow logs for IOCs☆15Updated this week
- A tool for preventing the installation of malicious PyPI and npm packages☆138Updated this week
- Feed parsing for language package manager updates☆78Updated 4 months ago