devops-kung-fu / trustierLinks
Takes a software bill of materials and outputs provenance, and activity data from trustypkg.dev
☆11Updated last month
Alternatives and similar repositories for trustier
Users that are interested in trustier are comparing it to the libraries listed below
Sorting:
- A standard API specification for exchanging supply chain artifacts and intelligence☆81Updated 2 weeks ago
- ☆21Updated 7 months ago
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆135Updated last year
- Semgrep-based Policy Controller for Kubernetes☆47Updated 2 months ago
- sbomify is an SBOM management platform.☆24Updated this week
- Discover vulnerabilities and container image misconfiguration in production environments.☆56Updated last week
- Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management.☆31Updated 8 months ago
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts☆61Updated 2 years ago
- ☆54Updated this week
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.☆41Updated last year
- The security workflow engine!☆117Updated this week
- A security tool designed to help review merged code changes to open source maintained repositories via LLM assisted review to safeguard a…☆30Updated 8 months ago
- This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file.☆55Updated 4 months ago
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows☆110Updated this week
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆67Updated last year
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain☆95Updated 4 months ago
- kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this …☆116Updated last month
- Demonstrates how a malicious dependency could negatively impact the build output.☆24Updated last year
- ☆73Updated this week
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆100Updated 5 months ago
- 🖇️ STRIDE vs. ASVS equivalence table☆76Updated 9 months ago
- Reference architecture and proof of concept implementation for supply chain security gateway☆23Updated 2 years ago
- A CLI that scans for sensitive data in source code☆14Updated 2 years ago
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆172Updated 7 months ago
- A tool for preventing the installation of malicious PyPI and npm packages☆148Updated this week
- Compares and analyzes GCP IAM roles.☆77Updated 3 months ago
- Unauthenticated enumeration of AWS IAM Roles.☆25Updated 5 months ago
- ☆41Updated 3 months ago
- ☆98Updated 4 months ago
- HashiCorp-relevant rules for the Semgrep code analysis tool☆41Updated last year