anchore / yardstickLinks
Compare vulnerability scanners results (to make them better!)
☆23Updated last week
Alternatives and similar repositories for yardstick
Users that are interested in yardstick are comparing it to the libraries listed below
Sorting:
- An SBOM query language and associated utilities☆54Updated last year
- a fast changelog generator sourced from PRs and Issues☆61Updated last week
- vexctl is a tool to attest VEX impact statements☆45Updated 2 years ago
- Slack alert bot for matching Github Audit Events☆10Updated 11 months ago
- SBOM Move - Automate build and transfer of SBOMs across systems☆24Updated 3 weeks ago
- Open Source runtime scanner for k8s cluster and perform security audit checks based on CIS Kubernetes Benchmark specification☆69Updated last month
- in-toto is a framework to secure the software supply chain.☆71Updated 9 months ago
- Demo repository for running eBPF in GitHub Actions☆22Updated 6 months ago
- (D)ocker(F)ile (C)onverter: CLI to convert Dockerfiles to use Chainguard Images and APKs in FROM and RUN lines etc.☆92Updated last month
- Static analysis for CloudFormation templates to identify common misconfiguration☆56Updated 3 years ago
- Various tools, images, etc. to support the Wolfi OSS project☆26Updated last week
- Tool for collecting vulnerability data from various sources (used to build the grype database)☆102Updated this week
- GitHub action to run Kubescape scans☆21Updated 10 months ago
- vscode extension for tfsec☆30Updated 2 years ago
- ☆27Updated 5 months ago
- Privateer is a plugin-based framework to validate the status of deployed resources.☆16Updated last week
- Common Golang Packages for use by the Various Cloud Nuke Tools☆47Updated last week
- ☆41Updated 2 years ago
- A collection of reusable Github Actions workflows.☆146Updated this week
- a tool to audit the istio service mesh☆173Updated 4 years ago
- Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect☆23Updated last week
- Security advisory data for Wolfi☆20Updated this week
- Runtime Security Solution for your CI/CD Pipeline☆110Updated 4 months ago
- ☆50Updated this week
- ☆30Updated last week
- Github Action implementation of SLSA Provenance Generation☆50Updated this week
- Grype vulnerability check plugin for Visual Studio Code☆23Updated 10 months ago
- Powering the OpenTofu Registry Search (beta)☆18Updated last month
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆111Updated 9 months ago
- Format agnostic SBOM tooling☆116Updated last week