in-toto / supply-chain-compromisesLinks
☆22Updated 3 years ago
Alternatives and similar repositories for supply-chain-compromises
Users that are interested in supply-chain-compromises are comparing it to the libraries listed below
Sorting:
- A dataset of software supply chain compromises. Please help us maintain it!☆129Updated 2 years ago
- Going Florida on container keyring masks. A tool to demonstrate the ineffectivity containers have on isolating Linux Kernel keyrings.☆43Updated 2 years ago
- ☆93Updated 2 years ago
- Feed parsing for language package manager updates☆79Updated 8 months ago
- A community collection of security reviews of open source software components.☆95Updated last year
- Scans every git push to your Github organisations to find unwanted secrets.☆87Updated 3 months ago
- egrets monitors egress☆46Updated 5 years ago
- Automated testing, generation & manipulation of #osquery packs☆73Updated 9 months ago
- Container Blackbox Security Auditing Tool: enumerates security configuration from within the target container☆106Updated 6 years ago
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆125Updated 6 months ago
- A tool to check the security settings of Github Organizations.☆72Updated 2 years ago
- Provide a shell like interface by utilizing osquery's distributed API☆81Updated 5 years ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆194Updated this week
- K8s API Honeypot with Active Defense Capabilities☆42Updated last year
- Security scanning & static analysis tool☆94Updated 9 months ago
- VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordin…☆71Updated last month
- A place to systematically store software bill of materials (SBOM) documents.☆46Updated 2 years ago
- Adversary emulation for EDR/SIEM testing (macOS/Linux)☆49Updated 2 weeks ago
- Posture Attribute Collection and Evaluation☆23Updated 2 years ago
- Securing Alice's, Bob's and Carl's software supply chain using in-toto☆94Updated last month
- ☆98Updated 3 months ago
- Serverless honeytoken 🕵🏻♂️☆80Updated 2 years ago
- Technical Advisory Council☆128Updated last week
- A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…☆77Updated 2 weeks ago
- Docker Secure Computing Profile Generator☆48Updated 3 years ago
- Collect, curate, and communicate relevant security metrics for open source projects.☆63Updated last year
- App that simplifies building decision trees to model adverse scenarios☆215Updated last year
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas…☆148Updated last year
- vexctl is a tool to attest VEX impact statements☆44Updated 2 years ago
- Labeled vulnerability-package match pairs used as ground truth to evaluate vulnerability scanners☆11Updated last week