devops-kung-fu / trustier
Takes a software bill of materials and outputs provenance, and activity data from trustypkg.dev
☆11Updated 5 months ago
Alternatives and similar repositories for trustier:
Users that are interested in trustier are comparing it to the libraries listed below
- A standard API specification for exchanging supply chain artifacts and intelligence☆73Updated 2 weeks ago
- boostsecurityio/lotp☆112Updated this week
- Semgrep-based Policy Controller for Kubernetes☆47Updated this week
- A tool for preventing the installation of malicious PyPI and npm packages☆127Updated this week
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆131Updated last year
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts☆60Updated last year
- ☆47Updated this week
- The security workflow engine!☆102Updated this week
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows☆82Updated this week
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.☆40Updated last year
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆171Updated 3 months ago
- Discover vulnerabilities and container image misconfiguration in production environments.☆55Updated last week
- ☆111Updated 2 months ago
- Format agnostic SBOM tooling☆100Updated this week
- ☆67Updated last month
- ☆21Updated 3 months ago
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝☆132Updated this week
- ☆163Updated 6 months ago
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆80Updated 2 months ago
- A security tool designed to help review merged code changes to open source maintained repositories via LLM assisted review to safeguard a…☆30Updated 4 months ago
- 🖇️ STRIDE vs. ASVS equivalence table☆75Updated 6 months ago
- AI featured threat modeling and security review action☆43Updated 3 months ago
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain☆91Updated last month
- ☆53Updated 2 weeks ago
- HashiCorp-relevant rules for the Semgrep code analysis tool☆39Updated last year
- This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file.☆52Updated last month
- A PoC to Simulate Ransomware Attack on AWS Environment☆30Updated 4 months ago
- Enriching the NVD CVSS scores to include Temporal & Threat Metrics☆113Updated this week