devops-kung-fu / trustier
Takes a software bill of materials and outputs provenance, and activity data from trustypkg.dev
☆11Updated 5 months ago
Alternatives and similar repositories for trustier:
Users that are interested in trustier are comparing it to the libraries listed below
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows☆82Updated 2 weeks ago
- A standard API specification for exchanging supply chain artifacts and intelligence☆74Updated last week
- Semgrep-based Policy Controller for Kubernetes☆47Updated last week
- boostsecurityio/lotp☆115Updated last week
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts☆61Updated last year
- ☆21Updated 4 months ago
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain☆91Updated last month
- A PoC to Simulate Ransomware Attack on AWS Environment☆30Updated 5 months ago
- This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file.☆53Updated last month
- A tool for preventing the installation of malicious PyPI and npm packages☆129Updated this week
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.☆40Updated last year
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF☆58Updated last year
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆132Updated last year
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆80Updated 2 months ago
- Security tool against dependency typosquatting attacks☆39Updated this week
- A security tool designed to help review merged code changes to open source maintained repositories via LLM assisted review to safeguard a…☆30Updated 5 months ago
- ☆53Updated last week
- A CLI that scans for sensitive data in source code☆14Updated 2 years ago
- ☆18Updated 3 years ago
- This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs☆36Updated 5 months ago
- ☆29Updated 4 months ago
- Test & Compare different Kubernetes security offerings on EKS, GKE and AKS☆39Updated 6 months ago
- Format agnostic SBOM tooling☆102Updated last week
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)☆23Updated 8 months ago
- ☆164Updated 6 months ago
- Demonstrates how a malicious dependency could negatively impact the build output.☆25Updated last year
- An implementation of infrastructure-as-code scanning using dynamic tooling.☆56Updated 3 years ago
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝☆132Updated this week