in-toto / supply-chain-compromisesLinks
☆22Updated 3 years ago
Alternatives and similar repositories for supply-chain-compromises
Users that are interested in supply-chain-compromises are comparing it to the libraries listed below
Sorting:
- A community collection of security reviews of open source software components.☆94Updated last year
- A dataset of software supply chain compromises. Please help us maintain it!☆128Updated 2 years ago
- Going Florida on container keyring masks. A tool to demonstrate the ineffectivity containers have on isolating Linux Kernel keyrings.☆43Updated last year
- Feed parsing for language package manager updates☆79Updated 5 months ago
- Collect, curate, and communicate relevant security metrics for open source projects.☆63Updated last year
- Low-effort reachability analysis for third-party code vulnerabilities.☆20Updated last year
- A tool to check the security settings of Github Organizations.☆71Updated last year
- ☆93Updated 2 years ago
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Updated 4 months ago
- A place to systematically store software bill of materials (SBOM) documents.☆46Updated 2 years ago
- Scans every git push to your Github organisations to find unwanted secrets.☆87Updated last month
- Labeled vulnerability-package match pairs used as ground truth to evaluate vulnerability scanners☆11Updated this week
- Supply Chain Query Tool☆13Updated 3 years ago
- Provide a shell like interface by utilizing osquery's distributed API☆81Updated 4 years ago
- VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordin…☆68Updated 3 weeks ago
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form.☆21Updated 2 years ago
- Docker Secure Computing Profile Generator☆48Updated 3 years ago
- ☆54Updated 2 weeks ago
- Scan pypi for typosquatting☆36Updated 2 years ago
- insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces.☆50Updated 3 years ago
- Global Security Database Tools☆42Updated last year
- A library for building tools to determine if vulnerabilities are reachable in a code base.☆14Updated 9 months ago
- Container Blackbox Security Auditing Tool: enumerates security configuration from within the target container☆106Updated 6 years ago
- egrets monitors egress☆46Updated 5 years ago
- ☆11Updated 4 months ago
- EPSS(Exploit Prediction Scoring System) API client☆18Updated this week
- Documentation of Semgrep: a fast, open-source, static analysis tool.☆41Updated this week
- CVE.ICU code.☆42Updated this week
- TLS-Anvil, a fully automated TLS testsuite for client and servers.☆92Updated last week
- TACOS framework structural details☆20Updated 3 weeks ago