communitysec / sbom-hall-of-fame
A place for the InfoSec community to share and celebrate real stories of organizations successfully using SBOMs (and other bills of material) to actually manage and reduce security risk in meaningful ways
☆42 Updated last year
Alternatives and similar repositories for sbom-hall-of-fame
Users that are interested in sbom-hall-of-fame are comparing it to the libraries listed below
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows ☆110 Updated 2 weeks ago
- An SBOM query language and associated utilities ☆54 Updated last year
- Compares and analyzes GCP IAM roles. ☆77 Updated 5 months ago
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility ☆60 Updated 2 years ago
- A tool for preventing the installation of malicious npm and PyPI packages ☆153 Updated this week
- ☆113 Updated 2 weeks ago
- Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management. ☆31 Updated 9 months ago
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form. ☆21 Updated 2 years ago
- Useful scripts, Docker images, docker-compose apps, and Terraform modules. ☆150 Updated last week
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene… ☆104 Updated last year
- A tool to check the security settings of Github Organizations. ☆72 Updated 2 years ago
- Attaché provides an emulation layer for Cloud Provider IMDS APIs ☆58 Updated last year
- A Golang program to rotate AWS & GCP account keys ☆66 Updated 2 months ago
- Automated testing, generation & manipulation of #osquery packs ☆73 Updated 9 months ago
- kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this … ☆116 Updated 2 months ago
- vexctl is a tool to attest VEX impact statements ☆45 Updated 2 years ago
- Scan GitHub Actions Workflow logs for IOCs ☆15 Updated 2 weeks ago
- (D)ocker(F)ile (C)onverter: CLI to convert Dockerfiles to use Chainguard Images and APKs in FROM and RUN lines etc. ☆82 Updated last week
- Generate a score for your sbom to understand if it will actually be useful. ☆231 Updated 11 months ago
- A tool to create, transform and attest VEX metadata ☆151 Updated this week
- Tool for collecting vulnerability data from various sources (used to build the grype database) ☆101 Updated this week
- GCP CSPM using Google Sheets ☆36 Updated 4 months ago
- Security Alert Decoration ☆27 Updated 2 weeks ago
- https://breaches.cloud ☆41 Updated 9 months ago
- Runtime Security Solution for your CI/CD Pipeline ☆108 Updated last month
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters. ☆107 Updated 7 months ago
- ☆35 Updated 3 months ago
- ☆63 Updated last year
- Documenting your Threat Models with HCL ☆432 Updated 2 months ago
- ☆56 Updated 2 weeks ago