aquasecurity/chain-bench

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/aquasecurity/chain-bench)

aquasecurity / chain-bench

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

☆769

Alternatives and similar repositories for chain-bench

Users that are interested in chain-bench are comparing it to the libraries listed below

Sorting:

aquasecurity / chain-bench-action
View on GitHub
☆20Nov 24, 2022Updated 3 years ago
in-toto / witness
View on GitHub
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…
☆518Updated this week
eBay / sbom-scorecard
View on GitHub
Generate a score for your sbom to understand if it will actually be useful.
☆238Aug 13, 2024Updated last year
chainguard-dev / ssc-reading-list
View on GitHub
A reading list for software supply-chain security.
☆365Nov 21, 2022Updated 3 years ago
Legit-Labs / legitify
View on GitHub
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
☆832Mar 28, 2025Updated 11 months ago
aquasecurity / appshield
View on GitHub
Security configuration checks for popular cloud native applications and infrastructure.
☆119Feb 16, 2022Updated 4 years ago
cider-security-research / top-10-cicd-security-risks
View on GitHub
☆423Jan 18, 2023Updated 3 years ago
devops-kung-fu / bomber
View on GitHub
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
☆603Feb 10, 2026Updated 3 weeks ago
sigstore / gitsign
View on GitHub
Keyless Git signing using Sigstore
☆1,066Updated this week
aquasecurity / tracee
View on GitHub
Linux Runtime Security and Forensics using eBPF
☆4,406Updated this week
guacsec / guac
View on GitHub
GUAC aggregates software security metadata into a high fidelity graph database.
☆1,450Updated this week
aquasecurity / cloudsploit
View on GitHub
Cloud Security Posture Management (CSPM)
☆3,707Feb 23, 2026Updated last week
in-toto / in-toto
View on GitHub
in-toto is a framework to protect supply chain integrity.
☆976Feb 11, 2026Updated 3 weeks ago
argonsecurity / pipeline-parser
View on GitHub
☆16Sep 4, 2025Updated 6 months ago
jdyke / gcp-iam-analyzer
View on GitHub
Compares and analyzes GCP IAM roles.
☆78Mar 9, 2025Updated 11 months ago
OWASP / www-project-kubernetes-top-ten
View on GitHub
OWASP Foundation Web Respository
☆601Nov 24, 2025Updated 3 months ago
primeharbor / sensitive_iam_actions
View on GitHub
Crowdsourced list of sensitive IAM Actions
☆159Oct 29, 2024Updated last year
onelittlenightmusic / opactl
View on GitHub
A simple tool for converting Rego (OPA) rule into command.
☆30Jun 1, 2022Updated 3 years ago
DataDog / stratus-red-team
View on GitHub
Granular, Actionable Adversary Emulation for the Cloud
☆2,267Updated this week
BishopFox / cloudfox
View on GitHub
Automating situational awareness for cloud penetration tests.
☆2,299Updated this week
reposaur / reposaur
View on GitHub
Open source compliance tool for development platforms.
☆285Oct 30, 2023Updated 2 years ago
PaloAltoNetworks / IAM-Deescalate
View on GitHub
IAM-Deescalate helps mitigate privilege escalation risk in AWS identity and access management (IAM)
☆98Sep 14, 2022Updated 3 years ago
scribe-public / gitgat
View on GitHub
Evaluate source control (GitHub) security posture
☆251Mar 8, 2023Updated 2 years ago
sigstore / cosign
View on GitHub
Code signing and transparency for containers and binaries
☆5,683Feb 26, 2026Updated last week
ossf / scorecard
View on GitHub
OpenSSF Scorecard - Security health metrics for Open Source
☆5,283Feb 25, 2026Updated last week
anchore / syft
View on GitHub
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
☆8,435Updated this week
aquasecurity / tfsec
View on GitHub
Tfsec is now part of Trivy
☆6,961Nov 10, 2025Updated 3 months ago
slsa-framework / slsa
View on GitHub
Supply-chain Levels for Software Artifacts
☆1,816Updated this week
aquasecurity / postee
View on GitHub
Notice: Postee is no longer under active development or maintenance.
☆206Feb 22, 2026Updated last week
openclarity / openclarity
View on GitHub
OpenClarity is an open source platform built to enhance security and observability of cloud native applications and infrastructure
☆1,450Updated this week
PaloAltoNetworks / rbac-police
View on GitHub
Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego
☆350Mar 21, 2025Updated 11 months ago
tenable / terrascan
View on GitHub
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
☆5,201Nov 20, 2025Updated 3 months ago
ksoclabs / awesome-kubernetes-security
View on GitHub
A curated list of awesome Kubernetes security resources
☆954Dec 15, 2023Updated 2 years ago
open-policy-agent / awesome-opa
View on GitHub
A curated list of OPA related tools, frameworks and articles
☆865Jan 16, 2026Updated last month
deepfence / ThreatMapper
View on GitHub
Open Source Cloud Native Application Protection Platform (CNAPP)
☆5,236Updated this week
chainguard-dev / vex
View on GitHub
vexctl is a tool to attest VEX impact statements
☆45Mar 27, 2023Updated 2 years ago
aquasecurity / trivy
View on GitHub
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
☆32,280Feb 26, 2026Updated last week
slsa-framework / slsa-github-generator
View on GitHub
Language-agnostic SLSA provenance generation for Github Actions
☆549Updated this week
DataDog / threatest
View on GitHub
Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
☆338Feb 13, 2026Updated 2 weeks ago