Alternatives and similar repositories for oss-rebuild

Users that are interested in oss-rebuild are comparing it to the libraries listed below

• google / osv-scalibr
  OSV-SCALIBR: A library for Software Composition Analysis
  ☆537Updated this week
• google / vanir
  Vanir is a source code-based static analysis tool that automatically identifies the list of missing security patches in the target system…
  ☆342Updated last month
• gittuf / gittuf
  A security layer for Git repositories
  ☆557Updated last week
• coder / httpjail
  HTTP(s) request filter for processes
  ☆794Updated 2 weeks ago
• mongodb / kingfisher
  Kingfisher is a blazingly fast and highly accurate tool for secret detection and live validation across files, Git repos, GitHub, GitLab,…
  ☆627Updated this week
• google / deps.dev
  Resources for the deps.dev API
  ☆354Updated last week
• safedep / vet
  Protect against malicious open source packages 🤖
  ☆846Updated this week
• DeepSourceCorp / globstar
  Globstar is a fast, feature-rich, and open-source static analysis toolkit for writing and running code checkers. Based on tree-sitter.
  ☆464Updated 4 months ago
• step-security / harden-runner
  Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…
  ☆920Updated last week
• reteps / dockerfmt
  Dockerfile formatter. a modern dockfmt.
  ☆566Updated last month
• icann / icann-rdap
  ICANN implementation of the Registry Data Access Protocol (RDAP)
  ☆412Updated 2 weeks ago
• octo-sts / app
  A GitHub App that acts like a Security Token Service (STS) for the Github API
  ☆243Updated last week
• google / osv-scanner-action
  ☆47Updated last week
• evanrolfe / trayce_gui
  ☆451Updated 2 months ago
• sigstore / sigstore
  Common go library shared across sigstore services and clients
  ☆491Updated last week
• bomctl / bomctl
  Format agnostic SBOM tooling
  ☆122Updated last week
• riseandignite / mcp-shield
  Security scanner for MCP servers
  ☆528Updated 7 months ago
• apiiro / PRevent
  Prevent merging of malicious code in pull requests
  ☆239Updated 8 months ago
• noperator / jqfmt
  like gofmt, but for jq
  ☆377Updated 4 months ago
• vet-run / vet
  vet is a command-line tool that acts as a safety net for the risky curl | bash pattern. It lets you inspect, diff against previous versio…
  ☆969Updated 3 months ago
• xeol-io / xeol
  A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
  ☆419Updated last week
• Checkmarx / 2ms
  Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git
  ☆136Updated last week
• edera-dev / styrolite
  Programmatic sandboxing tool
  ☆258Updated last week
• chainguard-dev / malcontent
  #supply #chain #attack #detection
  ☆566Updated last week
• openvex / spec
  OpenVEX Specification
  ☆162Updated 5 months ago
• qpoint-io / qtap
  Qtap: An eBPF agent that captures pre-encrypted network traffic, providing rich context about egress connections and their originating pr…
  ☆1,364Updated last week
• slsa-framework / slsa-verifier
  Verify provenance from SLSA compliant builders
  ☆293Updated last week
• ossf / malicious-packages
  A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…
  ☆407Updated this week
• protobom / protobom
  A universal SBOM representation in protocol buffers
  ☆307Updated last week
• nianticlabs / venator
  A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalo…
  ☆383Updated last year