communitysec / sbom-hall-of-fame
A place for the InfoSec community to share and celebrate real stories of organizations successfully using SBOMs (and other bills of material) to actually manage and reduce security risk in meaningful ways.
☆43 Updated last year
Alternatives and similar repositories for sbom-hall-of-fame
Users that are interested in sbom-hall-of-fame are comparing it to the libraries listed below
- A tool to check the security settings of Github Organizations. ☆72 Updated 2 years ago
- Compares and analyzes GCP IAM roles. ☆77 Updated 7 months ago
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows ☆112 Updated 2 weeks ago
- Supply-Chain Firewall (SCFW) is a tool for preventing the installation of malicious npm and PyPI packages ☆171 Updated this week
- ☆14 Updated 3 years ago
- ☆114 Updated 2 months ago
- Useful scripts, Docker images, docker-compose apps, and Terraform modules. ☆151 Updated 2 weeks ago
- Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management. ☆34 Updated last year
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility ☆60 Updated 2 years ago
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form. ☆21 Updated 2 years ago
- AWS honey token manager ☆89 Updated last year
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene… ☆103 Updated last year
- HashiCorp-relevant rules for the Semgrep code analysis tool ☆42 Updated 2 years ago
- An SBOM query language and associated utilities ☆54 Updated last year
- Attaché provides an emulation layer for Cloud Provider IMDS APIs ☆60 Updated last year
- Security Alert Decoration ☆27 Updated 3 months ago
- Documenting your Threat Models with HCL ☆436 Updated 2 weeks ago
- A Golang program to rotate AWS & GCP account keys ☆65 Updated 5 months ago
- Automate vulnerability triage which prioritizes remediation over discovery ☆18 Updated 3 months ago
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system. ☆177 Updated 11 months ago
- Tool for collecting vulnerability data from various sources (used to build the grype database) ☆103 Updated this week
- ☆31 Updated last year
- Automated testing, generation & manipulation of #osquery packs ☆73 Updated last year
- https://breaches.cloud ☆42 Updated last year
- (D)ocker(F)ile (C)onverter: CLI to convert Dockerfiles to use Chainguard Images and APKs in FROM and RUN lines etc. ☆93 Updated last month
- vexctl is a tool to attest VEX impact statements ☆45 Updated 2 years ago
- Test & Compare different Kubernetes security offerings on EKS, GKE and AKS ☆40 Updated last year
- Tools that check for misconfigured access to Github OIDC from AWS roles and GCP service accounts ☆61 Updated 2 years ago
- kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this … ☆120 Updated last month
- Convert cloudtrail data to MITRE ATT&CK Sightings ☆81 Updated 3 years ago