Alternatives and similar repositories for chain-bench

Users that are interested in chain-bench are comparing it to the libraries listed below

• aquasecurity / chain-bench-action

  View on GitHub
  ☆20Nov 24, 2022Updated 3 years ago
• in-toto / witness

  View on GitHub
  Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…
  ☆514Updated this week
• eBay / sbom-scorecard

  View on GitHub
  Generate a score for your sbom to understand if it will actually be useful.
  ☆237Aug 13, 2024Updated last year
• chainguard-dev / ssc-reading-list

  View on GitHub
  A reading list for software supply-chain security.
  ☆366Nov 21, 2022Updated 3 years ago
• Legit-Labs / legitify

  View on GitHub
  Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
  ☆829Mar 28, 2025Updated 10 months ago
• aquasecurity / appshield

  View on GitHub
  Security configuration checks for popular cloud native applications and infrastructure.
  ☆119Feb 16, 2022Updated 3 years ago
• cider-security-research / top-10-cicd-security-risks

  View on GitHub
  ☆422Jan 18, 2023Updated 3 years ago
• devops-kung-fu / bomber

  View on GitHub
  Scans Software Bill of Materials (SBOMs) for security vulnerabilities
  ☆597Mar 31, 2025Updated 10 months ago
• sigstore / gitsign

  View on GitHub
  Keyless Git signing using Sigstore
  ☆1,057Updated this week
• aquasecurity / tracee

  View on GitHub
  Linux Runtime Security and Forensics using eBPF
  ☆4,362Updated this week
• guacsec / guac

  View on GitHub
  GUAC aggregates software security metadata into a high fidelity graph database.
  ☆1,446Updated this week
• aquasecurity / cloudsploit

  View on GitHub
  Cloud Security Posture Management (CSPM)
  ☆3,694Dec 4, 2025Updated 2 months ago
• in-toto / in-toto

  View on GitHub
  in-toto is a framework to protect supply chain integrity.
  ☆972Feb 3, 2026Updated last week
• argonsecurity / pipeline-parser

  View on GitHub
  ☆16Sep 4, 2025Updated 5 months ago
• jdyke / gcp-iam-analyzer

  View on GitHub
  Compares and analyzes GCP IAM roles.
  ☆78Mar 9, 2025Updated 11 months ago
• OWASP / www-project-kubernetes-top-ten

  View on GitHub
  OWASP Foundation Web Respository
  ☆601Nov 24, 2025Updated 2 months ago
• primeharbor / sensitive_iam_actions

  View on GitHub
  Crowdsourced list of sensitive IAM Actions
  ☆159Oct 29, 2024Updated last year
• DataDog / stratus-red-team

  View on GitHub
  Granular, Actionable Adversary Emulation for the Cloud
  ☆2,252Feb 6, 2026Updated last week
• onelittlenightmusic / opactl

  View on GitHub
  A simple tool for converting Rego (OPA) rule into command.
  ☆30Jun 1, 2022Updated 3 years ago
• BishopFox / cloudfox

  View on GitHub
  Automating situational awareness for cloud penetration tests.
  ☆2,289Feb 5, 2026Updated last week
• reposaur / reposaur

  View on GitHub
  Open source compliance tool for development platforms.
  ☆285Oct 30, 2023Updated 2 years ago
• PaloAltoNetworks / IAM-Deescalate

  View on GitHub
  IAM-Deescalate helps mitigate privilege escalation risk in AWS identity and access management (IAM)
  ☆98Sep 14, 2022Updated 3 years ago
• sigstore / cosign

  View on GitHub
  Code signing and transparency for containers and binaries
  ☆5,633Feb 4, 2026Updated last week
• scribe-public / gitgat

  View on GitHub
  Evaluate source control (GitHub) security posture
  ☆251Mar 8, 2023Updated 2 years ago
• ossf / scorecard

  View on GitHub
  OpenSSF Scorecard - Security health metrics for Open Source
  ☆5,262Feb 6, 2026Updated last week
• anchore / syft

  View on GitHub
  CLI tool and library for generating a Software Bill of Materials from container images and filesystems
  ☆8,362Updated this week
• aquasecurity / tfsec

  View on GitHub
  Tfsec is now part of Trivy
  ☆6,952Nov 10, 2025Updated 3 months ago
• slsa-framework / slsa

  View on GitHub
  Supply-chain Levels for Software Artifacts
  ☆1,809Updated this week
• aquasecurity / postee

  View on GitHub
  Notice: Postee is no longer under active development or maintenance.
  ☆206Jan 22, 2026Updated 3 weeks ago
• openclarity / openclarity

  View on GitHub
  OpenClarity is an open source platform built to enhance security and observability of cloud native applications and infrastructure
  ☆1,449Updated this week
• PaloAltoNetworks / rbac-police

  View on GitHub
  Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego
  ☆351Mar 21, 2025Updated 10 months ago
• tenable / terrascan

  View on GitHub
  Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  ☆5,206Nov 20, 2025Updated 2 months ago
• ksoclabs / awesome-kubernetes-security

  View on GitHub
  A curated list of awesome Kubernetes security resources
  ☆954Dec 15, 2023Updated 2 years ago
• open-policy-agent / awesome-opa

  View on GitHub
  A curated list of OPA related tools, frameworks and articles
  ☆861Jan 16, 2026Updated 3 weeks ago
• deepfence / ThreatMapper

  View on GitHub
  Open Source Cloud Native Application Protection Platform (CNAPP)
  ☆5,233Jan 8, 2026Updated last month
• chainguard-dev / vex

  View on GitHub
  vexctl is a tool to attest VEX impact statements
  ☆45Mar 27, 2023Updated 2 years ago
• aquasecurity / trivy

  View on GitHub
  Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  ☆31,602Updated this week
• slsa-framework / slsa-github-generator

  View on GitHub
  Language-agnostic SLSA provenance generation for Github Actions
  ☆545Oct 20, 2025Updated 3 months ago
• DataDog / threatest

  View on GitHub
  Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
  ☆339Updated this week