anchore / yardstick
Compare vulnerability scanners results (to make them better!)
☆16Updated last week
Alternatives and similar repositories for yardstick:
Users that are interested in yardstick are comparing it to the libraries listed below
- a fast changelog generator sourced from PRs and Issues☆53Updated last week
- An SBOM query language and associated utilities☆54Updated last year
- vexctl is a tool to attest VEX impact statements☆44Updated 2 years ago
- Labeled vulnerability-package match pairs used as ground truth to evaluate vulnerability scanners☆11Updated 2 months ago
- Slack alert bot for matching Github Audit Events☆10Updated 5 months ago
- ☆48Updated this week
- A CLI used to work with the Wolfi OSS project☆60Updated this week
- TACOS framework structural details☆20Updated last year
- Various tools, images, etc. to support the Wolfi OSS project☆21Updated this week
- Github Action implementation of SLSA Provenance Generation☆48Updated last week
- ☆29Updated last week
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…☆32Updated 2 years ago
- Manage a directory of binaries without a package manager☆28Updated this week
- Tool for collecting vulnerability data from various sources (used to build the grype database)☆94Updated this week
- ☆42Updated 6 months ago
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Updated 3 months ago
- Docs and Tutorials for Chainguard☆83Updated this week
- Static analysis for CloudFormation templates to identify common misconfiguration☆57Updated 3 years ago
- Grype vulnerability check plugin for Visual Studio Code☆22Updated 4 months ago
- SBOM Grep - search through SBOMs☆25Updated 2 months ago
- Format agnostic SBOM tooling☆105Updated this week
- Security advisory data for Wolfi☆17Updated this week
- vscode extension for tfsec☆30Updated 2 years ago
- Darkfiles finds orphaned files in container images and makes them to bad deeds☆42Updated last year
- Simple tool that allows you to detect imposter commits in GitHub Actions workflows.☆23Updated 4 months ago
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form.☆21Updated 2 years ago
- ☆25Updated last year
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆89Updated this week
- SBOM Assembler - A tool to edit SBOM or assemble multiple sboms into a single sbom.☆69Updated this week
- ☆62Updated 9 months ago