communitysec / sbom-hall-of-fame
A place for the InfoSec community to share and celebrate real stories of organizations successfully using SBOMs (and other bills of material) to actually manage and reduce security risk in meaningful ways
☆43, updated last year
Alternatives and similar repositories for sbom-hall-of-fame
Users who are interested in sbom-hall-of-fame are comparing it to the repositories listed below.
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows (☆110, updated this week)
- A tool for preventing the installation of malicious npm and PyPI packages (☆158, updated this week)
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form. (☆21, updated 2 years ago)
- A tool to check the security settings of Github Organizations. (☆72, updated 2 years ago)
- Compares and analyzes GCP IAM roles. (☆77, updated 5 months ago)
- Useful scripts, Docker images, docker-compose apps, and Terraform modules. (☆150, updated 2 weeks ago)
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene… (☆104, updated last year)
- Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management. (☆31, updated 10 months ago)
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility (☆60, updated 2 years ago)
- Attaché provides an emulation layer for Cloud Provider IMDS APIs (☆59, updated last year)
- An SBOM query language and associated utilities (☆54, updated last year)
- vexctl is a tool to attest VEX impact statements (☆45, updated 2 years ago)
- Scan GitHub Actions Workflow logs for IOCs (☆15, updated this week)
- AWS honey token manager (☆87, updated last year)
- kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this … (☆116, updated 3 months ago)
- (D)ocker(F)ile (C)onverter: CLI to convert Dockerfiles to use Chainguard Images and APKs in FROM and RUN lines etc. (☆88, updated last week)
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system. (☆175, updated 9 months ago)
- Automated testing, generation & manipulation of #osquery packs (☆73, updated 10 months ago)
- HashiCorp-relevant rules for the Semgrep code analysis tool (☆41, updated last year)
- A Golang program to rotate AWS & GCP account keys (☆66, updated 3 months ago)
- https://breaches.cloud (☆42, updated 10 months ago)
- Generate a score for your sbom to understand if it will actually be useful. (☆233, updated last year)
- Test & Compare different Kubernetes security offerings on EKS, GKE and AKS (☆40, updated last year)
- This Terraform module consists of the configuration for automating the remediation of AWS EC2 vulnerabilities using AWS Inspector finding… (☆49, updated last month)
- A security tool designed to help review merged code changes to open source maintained repositories via LLM assisted review to safeguard a… (☆30, updated 10 months ago)
- 💅🏽 analyzes your github actions (☆93, updated this week)
- Documenting your Threat Models with HCL (☆433, updated 2 months ago)