devops-kung-fu / trustierLinks
Takes a software bill of materials and outputs provenance, and activity data from trustypkg.dev
☆11Updated 7 months ago
Alternatives and similar repositories for trustier
Users that are interested in trustier are comparing it to the libraries listed below
Sorting:
- kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this …☆125Updated 3 months ago
- The security workflow engine!☆136Updated last month
- A standard API specification for exchanging supply chain artifacts and intelligence☆95Updated 3 weeks ago
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows☆114Updated this week
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆139Updated last year
- ☆37Updated 8 months ago
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆177Updated last month
- A tool to check the security settings of Github Organizations.☆75Updated 2 years ago
- A security tool that detects malicious packages from external vulnerability feeds and searches for them in your package registries or art…☆70Updated last month
- Format agnostic SBOM tooling☆130Updated last month
- Supply-Chain Firewall (SCFW) is a tool for preventing the installation of malicious npm and PyPI packages☆210Updated this week
- A security tool designed to help review merged code changes to open source maintained repositories via LLM assisted review to safeguard a…☆32Updated last year
- 💅🏽 analyzes your github actions☆97Updated this week
- HashiCorp-relevant rules for the Semgrep code analysis tool☆41Updated 2 years ago
- Semgrep-based Policy Controller for Kubernetes☆47Updated 9 months ago
- ## Auto-archived due to inactivity. ## Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Securit…☆37Updated last year
- ☆22Updated 5 months ago
- Attaché provides an emulation layer for Cloud Provider IMDS APIs☆60Updated this week
- Test & Compare different Kubernetes security offerings on EKS, GKE and AKS☆40Updated last year
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. …☆68Updated 6 months ago
- ☆115Updated 4 months ago
- Demonstrates how a malicious dependency could negatively impact the build output.☆25Updated 2 years ago
- Scan GitHub Actions Workflow logs for IOCs☆16Updated 3 weeks ago
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.☆42Updated last year
- ☆85Updated this week
- A comprehensive checklist and guide for organizations looking to implement a robust cybersecurity program☆45Updated 3 weeks ago
- Generate a score for your sbom to understand if it will actually be useful.☆236Updated last year
- A tool to create, transform and attest VEX metadata☆170Updated this week
- Pentester-focused Docker registry tool to enumerate and pull images☆37Updated 2 months ago
- Discover vulnerabilities and container image misconfiguration in production environments.☆55Updated this week