Alternatives and similar repositories for oss-rebuild

Users that are interested in oss-rebuild are comparing it to the libraries listed below

• gittuf / gittuf
  A security layer for Git repositories
  ☆571Updated this week
• google / osv-scalibr
  OSV-SCALIBR: A library for Software Composition Analysis
  ☆560Updated last week
• coder / httpjail
  HTTP(s) request filter for processes
  ☆815Updated 3 weeks ago
• google / deps.dev
  Resources for the deps.dev API
  ☆376Updated this week
• reteps / dockerfmt
  Dockerfile formatter. a modern dockfmt.
  ☆584Updated 3 months ago
• octo-sts / app
  A GitHub App that acts like a Security Token Service (STS) for the Github API
  ☆301Updated this week
• slsa-framework / slsa-verifier
  Verify provenance from SLSA compliant builders
  ☆304Updated 2 months ago
• DeepSourceCorp / globstar
  Globstar is a fast, feature-rich, and open-source static analysis toolkit for writing and running code checkers. Based on tree-sitter.
  ☆474Updated 6 months ago
• step-security / harden-runner
  Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…
  ☆951Updated this week
• noperator / jqfmt
  like gofmt, but for jq
  ☆384Updated 3 weeks ago
• riseandignite / mcp-shield
  Security scanner for MCP servers
  ☆545Updated 9 months ago
• bomctl / bomctl
  Format agnostic SBOM tooling
  ☆131Updated 2 months ago
• sigstore / sigstore
  Common go library shared across sigstore services and clients
  ☆496Updated last week
• icann / icann-rdap
  ICANN implementation of the Registry Data Access Protocol (RDAP)
  ☆423Updated this week
• AkihiroSuda / gomodjail
  [Experimental] jail for Go modules
  ☆113Updated last week
• google / osv-scanner-action
  ☆62Updated 2 weeks ago
• edera-dev / styrolite
  Programmatic sandboxing tool
  ☆263Updated this week
• sigstore / gitsign
  Keyless Git signing using Sigstore
  ☆1,052Updated this week
• mongodb / kingfisher
  Kingfisher is a blazingly fast and highly accurate tool for secret detection and live validation across files, Git repos, GitHub, GitLab,…
  ☆784Updated last week
• protobom / protobom
  A universal SBOM representation in protocol buffers
  ☆315Updated last week
• vet-run / vet
  vet is a command-line tool that acts as a safety net for the risky curl | bash pattern. It lets you inspect, diff against previous versio…
  ☆975Updated 5 months ago
• ossf / security-baseline
  ☆140Updated last week
• xeol-io / xeol
  A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
  ☆428Updated last week
• GitHubSecurityLab / actions-permissions
  GitHub token permissions Monitor and Advisor actions
  ☆351Updated 2 months ago
• facebook / dotslash
  Simplified executable deployment
  ☆802Updated this week
• reproducible-containers / diffoci
  diff for Docker and OCI container images
  ☆545Updated this week
• slsa-framework / slsa-github-generator
  Language-agnostic SLSA provenance generation for Github Actions
  ☆542Updated 3 months ago
• openvex / spec
  OpenVEX Specification
  ☆164Updated 2 weeks ago
• evanrolfe / trayce_gui
  ☆456Updated 4 months ago
• specfy / stack-analyser
  Extract +700 technologies from any repository. Detect Languages, SaaS, Cloud, Infrastructure, Dependencies and Services
  ☆394Updated last week