endorlabs / github-action
A GitHub action you can use to scan with Endor Labs
☆45 · Updated last month
Alternatives and similar repositories for github-action:
Users who are interested in github-action compare it to the libraries listed below.
- Home page of project "KB" ☆123 · Updated last month
- SARIF Microsoft Visual Studio Code extension ☆114 · Updated last week
- PURL to CPE Relationship mapping project. ☆87 · Updated this week
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas… ☆142 · Updated last year
- OASIS SARIF TC: Repository for development of the draft standard, where requests for modification should be made via GitHub Issues ☆182 · Updated 2 weeks ago
- User-friendly documentation for the SARIF file format. ☆297 · Updated last year
- Generate a score for your SBOM to understand if it will actually be useful. ☆229 · Updated 8 months ago
- A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o… ☆75 · Updated last month
- The model for the information captured in SPDX version 3 standard. ☆82 · Updated last week
- The heart & core of Privado code scanner ☆29 · Updated 5 months ago
- A compilation of resources in the software supply chain security domain, with emphasis on open source ☆315 · Updated 2 years ago
- Research Acceleration Platform that provides interface to multiple state-of-the-art program analysis tools including but not limited to f… ☆68 · Updated 5 months ago
- Python implementation of OWASP CycloneDX ☆80 · Updated this week
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way. ☆33 · Updated 2 years ago
- Extract and combine multiple source code views using tree-sitter ☆132 · Updated 4 months ago
- Analyse package dependency networks at the call graph level ☆93 · Updated last year
- OpenVEX Specification ☆147 · Updated 3 weeks ago
- Enrich SBOMs with data from third party services ☆168 · Updated 3 weeks ago
- Repository for on-going work as part of the AIBOM Tiger Team effort. ☆20 · Updated 7 months ago
- SBOM Assembler - A tool to edit SBOM or assemble multiple SBOMs into a single SBOM. ☆69 · Updated last week
- .NET code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oasis-tcs… ☆200 · Updated 3 weeks ago
- Code Property Graph: specification, query language, and utilities ☆504 · Updated 2 weeks ago
- Go implementation of the package url spec ☆61 · Updated last month
- Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD … ☆153 · Updated this week
- The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously… ☆208 · Updated 2 months ago
- A dataset of reproducible breaking dependency updates, SANER 2024 (https://doi.org/10.1109/SANER60148.2024.00024) ☆17 · Updated 2 weeks ago
- This is an informal repo for ASSERT teammates to share awesome stuff. ☆21 · Updated this week
- Resources for the deps.dev API ☆310 · Updated last week
- A library to extract Code Property Graphs from C/C++, Java, Go, Python, Ruby and every other language through LLVM-IR. ☆318 · Updated this week