anchore / yardstick
Compare vulnerability scanners results (to make them better!)
☆14Updated this week
Related projects: ⓘ
- a fast changelog generator sourced from PRs and Issues☆50Updated this week
- An SBOM query language and associated utilities☆54Updated 7 months ago
- ☆32Updated this week
- Slack alert bot for matching Github Audit Events☆10Updated 3 weeks ago
- vexctl is a tool to attest VEX impact statements☆44Updated last year
- Tool for collecting vulnerability data from various sources (used to build the grype database)☆69Updated this week
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Updated this week
- Github Action implementation of SLSA Provenance Generation☆47Updated 2 weeks ago
- Labeled vulnerability-package match pairs used as ground truth to evaluate vulnerability scanners☆11Updated last week
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…☆32Updated last year
- Grype vulnerability check plugin for Visual Studio Code☆20Updated this week
- A CLI tool for creating secure by design/default source repos.☆24Updated last month
- TACOS framework structural details☆19Updated 9 months ago
- Format agnostic SBOM tooling☆63Updated this week
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts☆31Updated 2 months ago
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form.☆20Updated last year
- Darkfiles finds orphaned files in container images and makes them to bad deeds☆41Updated last year
- ☆30Updated 4 months ago
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks☆30Updated 8 months ago
- OpenVEX Specification☆125Updated 2 months ago
- ☆26Updated this week
- SPDX Merge tool☆39Updated last week
- A tool to create, transform and attest VEX metadata☆109Updated last week
- ☆56Updated 2 months ago
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…☆10Updated 3 weeks ago
- ☆17Updated 5 months ago
- A CLI used to work with the Wolfi OSS project☆53Updated this week
- ☆14Updated 10 months ago
- Sharing software supply chain security open source projects☆38Updated last year
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆61Updated last year