communitysec / sbom-hall-of-fame
A place for the InfoSec community to share and celebrate real stories of organizations successfully using SBOMs (and other bills of material) to actually manage and reduce security risk in meaningful ways
☆42, updated last year
Alternatives and similar repositories for sbom-hall-of-fame:
Users who are interested in sbom-hall-of-fame are comparing it to the repositories listed below:
- A tool for preventing the installation of malicious PyPI and npm packages (☆127, updated this week)
- An SBOM query language and associated utilities (☆54, updated last year)
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows (☆82, updated this week)
- Compares and analyzes GCP IAM roles. (☆77, updated this week)
- This repo is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility (☆61, updated last year)
- Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management. (☆30, updated 4 months ago)
- HashiCorp-relevant rules for the Semgrep code analysis tool (☆39, updated last year)
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form. (☆21, updated last year)
- GCP CSPM using Google Sheets (☆35, updated 9 months ago)
- prel(iminary) is an application that temporarily assigns Google Cloud IAM Roles and includes an approval process. (☆39, updated this week)
- Knowledge Report Alert & Normalization Generator (☆27, updated 11 months ago)
- Automate vulnerability triage which prioritizes remediation over discovery (☆15, updated this week)
- A tool to check the security settings of Github Organizations. (☆71, updated last year)
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters. (☆80, updated 2 months ago)
- Tool for collecting vulnerability data from various sources (used to build the grype database) (☆86, updated last week)
- Protect against subdomain takeover (☆93, updated 9 months ago)
- PolicyGlass allows you to analyse one or more AWS policies' effective permissions in aggregate, by restating them in the form of PolicySh… (☆59, updated 3 years ago)
- https://breaches.cloud (☆38, updated 4 months ago)
- Security Alert Decoration (☆26, updated last week)
- Automated testing, generation & manipulation of #osquery packs (☆72, updated 4 months ago)
- vexctl is a tool to attest VEX impact statements (☆44, updated last year)
- OpenVEX Specification (☆142, updated 8 months ago)
- Tools that check for misconfigured access to Github OIDC from AWS roles and GCP service accounts (☆60, updated last year)
- A tool to create, transform and attest VEX metadata (☆131, updated this week)