google / osv-scalibrLinks
OSV-SCALIBR: A library for Software Composition Analysis
☆446Updated this week
Alternatives and similar repositories for osv-scalibr
Users that are interested in osv-scalibr are comparing it to the libraries listed below
Sorting:
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…☆326Updated this week
- Vanir is a source code-based static analysis tool that automatically identifies the list of missing security patches in the target system…☆341Updated last week
- kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this …☆116Updated 3 months ago
- Tool for collecting vulnerability data from various sources (used to build the grype database)☆101Updated this week
- A universal SBOM representation in protocol buffers☆297Updated this week
- Open Source Vulnerability schema.☆206Updated this week
- Enrich SBOMs with data from third party services☆188Updated this week
- OpenVEX Specification☆156Updated 2 months ago
- boostsecurityio/poutine☆309Updated last week
- ☆82Updated 6 months ago
- Resources for the deps.dev API☆334Updated 2 weeks ago
- Format agnostic SBOM tooling☆114Updated last week
- Generate a score for your sbom to understand if it will actually be useful.☆232Updated last year
- Feed parsing for language package manager updates☆78Updated 8 months ago
- #supply #chain #attack #detection☆540Updated this week
- Runtime Security Solution for your CI/CD Pipeline☆108Updated 2 months ago
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities☆578Updated 4 months ago
- Utility that provides an API platform for validating, querying and managing BOM data☆118Updated this week
- ☆103Updated this week
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆136Updated last year
- ClusterFuzzLite - Simple continuous fuzzing that runs in CI.☆498Updated 8 months ago
- PURL to CPE Relationship mapping project.☆93Updated last week
- Focused malicious code detection ruleset, with a high protection-to-noise ratio☆123Updated 6 months ago
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers…☆128Updated last week
- A tool for preventing the installation of malicious npm and PyPI packages☆158Updated last week
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows☆110Updated 3 weeks ago
- 💅 🏽 analyzes your github actions☆93Updated this week
- A compilation of resources in the software supply chain security domain, with emphasis on open source☆328Updated 2 years ago
- Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD …☆167Updated this week
- A repo to conduct vulnerability enrichment.☆670Updated this week