aquasecurity/chain-bench external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

aquasecurity/chain-bench

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/aquasecurity/chain-bench)

Close

aquasecurity / chain-benchView on GitHubMore

• External links
• Readme badge

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

☆770Dec 11, 2024Updated last year

Alternatives and similar repositories for chain-bench

Users that are interested in chain-bench are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• argonsecurity / pipeline-parser

  View on GitHub
  ☆16Sep 4, 2025Updated 6 months ago
• aideslucas / local-package-cli

  View on GitHub
  The perfect package to work with packages locally
  ☆18May 28, 2022Updated 3 years ago
• aquasecurity / trivy-plugin-aqua

  View on GitHub
  ☆12Mar 17, 2026Updated last week
• in-toto / witness

  View on GitHub
  Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…
  ☆520Updated this week
• eBay / sbom-scorecard

  View on GitHub
  Generate a score for your sbom to understand if it will actually be useful.
  ☆239Aug 13, 2024Updated last year
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• Legit-Labs / legitify

  View on GitHub
  Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
  ☆836Mar 28, 2025Updated 11 months ago
• chainguard-dev / ssc-reading-list

  View on GitHub
  A reading list for software supply-chain security.
  ☆365Nov 21, 2022Updated 3 years ago
• aquasecurity / appshield

  View on GitHub
  Security configuration checks for popular cloud native applications and infrastructure.
  ☆119Feb 16, 2022Updated 4 years ago
• sigstore / gitsign

  View on GitHub
  Keyless Git signing using Sigstore
  ☆1,067Mar 19, 2026Updated last week
• aquasecurity / postee

  View on GitHub
  Notice: Postee is no longer under active development or maintenance.
  ☆206Mar 17, 2026Updated last week
• devops-kung-fu / bomber

  View on GitHub
  Scans Software Bill of Materials (SBOMs) for security vulnerabilities
  ☆606Feb 10, 2026Updated last month
• in-toto / in-toto

  View on GitHub
  in-toto is a framework to protect supply chain integrity.
  ☆982Mar 16, 2026Updated last week
• OWASP / www-project-kubernetes-top-ten

  View on GitHub
  OWASP Foundation Web Respository
  ☆602Mar 19, 2026Updated last week
• guacsec / guac

  View on GitHub
  GUAC aggregates software security metadata into a high fidelity graph database.
  ☆1,462Updated this week
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• cider-security-research / top-10-cicd-security-risks

  View on GitHub
  ☆423Jan 18, 2023Updated 3 years ago
• aquasecurity / cloudsploit

  View on GitHub
  Cloud Security Posture Management (CSPM)
  ☆3,717Feb 23, 2026Updated last month
• sigstore / cosign

  View on GitHub
  Code signing and transparency for containers and binaries
  ☆5,734Mar 19, 2026Updated last week
• scribe-public / gitgat

  View on GitHub
  Evaluate source control (GitHub) security posture
  ☆251Mar 8, 2023Updated 3 years ago
• reposaur / reposaur

  View on GitHub
  Open source compliance tool for development platforms.
  ☆286Oct 30, 2023Updated 2 years ago
• aquasecurity / trivy

  View on GitHub
  Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  ☆33,205Mar 19, 2026Updated last week
• jdyke / gcp-iam-analyzer

  View on GitHub
  Compares and analyzes GCP IAM roles.
  ☆78Mar 9, 2025Updated last year
• anchore / syft

  View on GitHub
  CLI tool and library for generating a Software Bill of Materials from container images and filesystems
  ☆8,541Updated this week
• slsa-framework / slsa

  View on GitHub
  Supply-chain Levels for Software Artifacts
  ☆1,830Mar 11, 2026Updated 2 weeks ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• owenrumney / lazytrivy

  View on GitHub
  Vulnerability scanning just got lazier
  ☆319Mar 19, 2026Updated last week
• bureado / awesome-software-supply-chain-security

  View on GitHub
  A compilation of resources in the software supply chain security domain, with emphasis on open source
  ☆349Mar 14, 2026Updated last week
• openclarity / openclarity

  View on GitHub
  OpenClarity is an open source platform built to enhance security and observability of cloud native applications and infrastructure
  ☆1,453Mar 16, 2026Updated last week
• ossf / scorecard

  View on GitHub
  OpenSSF Scorecard - Security health metrics for Open Source
  ☆5,315Mar 19, 2026Updated last week
• aquasecurity / go-git-pr-commenter

  View on GitHub
  library for adding comments to git PRs
  ☆15Dec 2, 2025Updated 3 months ago
• PaloAltoNetworks / IAM-Deescalate

  View on GitHub
  IAM-Deescalate helps mitigate privilege escalation risk in AWS identity and access management (IAM)
  ☆98Sep 14, 2022Updated 3 years ago
• slsa-framework / slsa-github-generator

  View on GitHub
  Language-agnostic SLSA provenance generation for Github Actions
  ☆554Mar 9, 2026Updated 2 weeks ago
• devops-kung-fu / trustier

  View on GitHub
  Takes a software bill of materials and outputs provenance, and activity data from trustypkg.dev
  ☆10May 19, 2025Updated 10 months ago
• BishopFox / cloudfox

  View on GitHub
  Automating situational awareness for cloud penetration tests.
  ☆2,320Mar 10, 2026Updated 2 weeks ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• kubernetes-sigs / tejolote

  View on GitHub
  A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
  ☆72Updated this week
• primeharbor / sensitive_iam_actions

  View on GitHub
  Crowdsourced list of sensitive IAM Actions
  ☆159Oct 29, 2024Updated last year
• aquasecurity / defsec

  View on GitHub
  Trivy's misconfiguration scanning engine
  ☆214Jan 23, 2025Updated last year
• DataDog / stratus-red-team

  View on GitHub
  Granular, Actionable Adversary Emulation for the Cloud
  ☆2,283Mar 12, 2026Updated 2 weeks ago
• awesomeSBOM / awesome-sbom

  View on GitHub
  A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
  ☆573May 20, 2025Updated 10 months ago
• anchore / grype

  View on GitHub
  A vulnerability scanner for container images and filesystems
  ☆11,769Updated this week
• crashappsec / github-analyzer

  View on GitHub
  A tool to check the security settings of Github Organizations.
  ☆75Feb 9, 2026Updated last month