anchore / yardstickLinks
Compare vulnerability scanners results (to make them better!)
☆22Updated last week
Alternatives and similar repositories for yardstick
Users that are interested in yardstick are comparing it to the libraries listed below
Sorting:
- An SBOM query language and associated utilities☆54Updated last year
- SBOM Move - Automate build and transfer of SBOMs across systems☆23Updated last week
- vexctl is a tool to attest VEX impact statements☆45Updated 2 years ago
- a fast changelog generator sourced from PRs and Issues☆63Updated this week
- Tool for collecting vulnerability data from various sources (used to build the grype database)☆102Updated this week
- Slack alert bot for matching Github Audit Events☆10Updated 10 months ago
- (D)ocker(F)ile (C)onverter: CLI to convert Dockerfiles to use Chainguard Images and APKs in FROM and RUN lines etc.☆89Updated last week
- Open Source runtime scanner for k8s cluster and perform security audit checks based on CIS Kubernetes Benchmark specification☆69Updated 3 weeks ago
- Demo repository for running eBPF in GitHub Actions☆22Updated 6 months ago
- ☆41Updated 2 years ago
- a tool to audit the istio service mesh☆173Updated 3 years ago
- ☆54Updated last week
- ☆89Updated 4 months ago
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…☆33Updated 2 years ago
- Grype vulnerability check plugin for Visual Studio Code☆23Updated 9 months ago
- Github Action implementation of SLSA Provenance Generation☆50Updated last week
- ☆25Updated 4 months ago
- ☆30Updated 2 weeks ago
- Privateer is a plugin-based framework to validate the status of deployed resources.☆15Updated this week
- A collection of reusable Github Actions workflows.☆142Updated this week
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆109Updated 9 months ago
- ☆56Updated 2 weeks ago
- Security advisory data for Wolfi☆20Updated this week
- in-toto is a framework to secure the software supply chain.☆71Updated 8 months ago
- ☆50Updated this week
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene…☆104Updated last year
- Static analysis for CloudFormation templates to identify common misconfiguration☆56Updated 3 years ago
- Various tools, images, etc. to support the Wolfi OSS project☆25Updated this week
- ☆74Updated 4 months ago
- A tool to create, transform and attest VEX metadata☆155Updated this week