communitysec / sbom-hall-of-fame
A place for the InfoSec community to share and celebrate real stories of organizations successfully using SBOMs (and other bills of material) to actually manage and reduce security risk in meaningful ways
☆42 · Updated last year
Alternatives and similar repositories for sbom-hall-of-fame:
Users that are interested in sbom-hall-of-fame are comparing it to the libraries listed below
- An SBOM query language and associated utilities ☆54 · Updated last year
- A tool for preventing the installation of malicious PyPI and npm packages ☆128 · Updated last week
- This repo is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility ☆61 · Updated last year
- Compares and analyzes GCP IAM roles. ☆77 · Updated last week
- Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management. ☆30 · Updated 5 months ago
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form. ☆21 · Updated last year
- OpenVEX Specification ☆143 · Updated 8 months ago
- vexctl is a tool to attest VEX impact statements ☆44 · Updated last year
- Simple plug-and-play GitHub Action to block unauthorized outbound traffic (egress) in your GitHub workflows ☆82 · Updated last week
- A tool to check the security settings of GitHub Organizations. ☆71 · Updated last year
- Automated testing, generation & manipulation of #osquery packs ☆72 · Updated 5 months ago
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'… ☆32 · Updated 2 years ago
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene… ☆104 · Updated 10 months ago
- A tool to create, transform and attest VEX metadata ☆132 · Updated this week
- https://breaches.cloud ☆38 · Updated 5 months ago
- HashiCorp-relevant rules for the Semgrep code analysis tool ☆39 · Updated last year
- GCP CSPM using Google Sheets ☆35 · Updated 9 months ago
- Tool for collecting vulnerability data from various sources (used to build the grype database) ☆87 · Updated this week
- Nextdoor's Cloud Security Posture Management (CSPM) Evaluation Matrix ☆58 · Updated last year
- Knowledge Report Alert & Normalization Generator ☆27 · Updated last year
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system. ☆171 · Updated 3 months ago
- Convert CloudTrail data to MITRE ATT&CK Sightings ☆79 · Updated 2 years ago
- A Golang program to rotate AWS & GCP account keys ☆65 · Updated last week
- AWS honey token manager ☆87 · Updated 7 months ago
- Enrich SBOMs with data from third party services ☆161 · Updated last month
- Format agnostic SBOM tooling ☆102 · Updated this week