devops-kung-fu / trustierLinks
Takes a software bill of materials and outputs provenance, and activity data from trustypkg.dev
☆11Updated last week
Alternatives and similar repositories for trustier
Users that are interested in trustier are comparing it to the libraries listed below
Sorting:
- Semgrep-based Policy Controller for Kubernetes☆47Updated last month
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.☆41Updated last year
- A standard API specification for exchanging supply chain artifacts and intelligence☆81Updated this week
- ☆21Updated 6 months ago
- This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file.☆55Updated 4 months ago
- sbomify is an SBOM management platform.☆24Updated this week
- HashiCorp-relevant rules for the Semgrep code analysis tool☆41Updated last year
- Demonstrates how a malicious dependency could negatively impact the build output.☆26Updated last year
- Discover vulnerabilities and container image misconfiguration in production environments.☆56Updated this week
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆133Updated last year
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts☆61Updated 2 years ago
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)☆23Updated 3 weeks ago
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain☆94Updated 3 months ago
- ☆33Updated last month
- A tool for preventing the installation of malicious PyPI and npm packages☆145Updated this week
- A tool for secrets management, encryption as a service, and privileged access management☆14Updated 2 months ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning.☆21Updated 2 months ago
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows☆110Updated last week
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆95Updated 4 months ago
- ☆36Updated 9 months ago
- ☆72Updated 2 weeks ago
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.☆39Updated 5 months ago
- ☆19Updated 3 years ago
- boostsecurityio/lotp☆126Updated last month
- An implementation of infrastructure-as-code scanning using dynamic tooling.☆56Updated 3 years ago
- Reference architecture and proof of concept implementation for supply chain security gateway☆23Updated 2 years ago
- A security tool designed to help review merged code changes to open source maintained repositories via LLM assisted review to safeguard a…☆30Updated 7 months ago
- Clean accounts over permissions in GCP infra at scale☆71Updated 2 years ago
- A CLI that scans for sensitive data in source code☆14Updated 2 years ago
- Pentester-focused Docker registry tool to enumerate and pull images☆21Updated last month