Alternatives and similar repositories for cve-bin-tool-action

Users that are interested in cve-bin-tool-action are comparing it to the libraries listed below

• uhafner / autograding-github-action
  GitHub Action to autograde projects based on a configurable set of metrics
  ☆30Updated last week
• microsoft / sarif-vscode-extension
  SARIF Microsoft Visual Studio Code extension
  ☆132Updated this week
• kusaridev / skootrs
  A CLI tool for creating secure by design/default source repos.
  ☆28Updated last year
• cncf / clowarden
  CLOWarden is a tool that manages access to resources across multiple services
  ☆61Updated last week
• spdx / spdx-examples
  Examples of SPDX files for software combinations
  ☆142Updated 2 months ago
• oasis-tcs / sarif-spec
  OASIS SARIF TC: Repository for development of the draft standard, where requests for modification should be made via Github Issues
  ☆192Updated this week
• omnibor / site
  Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.
  ☆21Updated last year
• sigstore / root-signing
  TUF repository for Sigstore trust root
  ☆117Updated this week
• advanced-security / component-detection-dependency-submission-action
  ☆20Updated last week
• sonatype-nexus-community / ahab
  ahab is a tool to check for vulnerabilities in your apt, apk, or yum powered operating systems, powered by Sonatype OSS Index.
  ☆68Updated 2 weeks ago
• kusaridev / spector
  Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks
  ☆33Updated 9 months ago
• oracle / macaron
  Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD …
  ☆186Updated this week
• opossum-tool / OpossumUI
  A light-weight app to audit and inventory large codebases for open source license compliance.
  ☆72Updated this week
• ossf / alpha-omega
  Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.
  ☆112Updated this week
• nyph-infosec / daggerboard
  ☆102Updated last year
• pierluigi / org-invite
  Invite users to a GitHub team in bulk
  ☆12Updated 4 years ago
• anchore / yardstick
  Compare vulnerability scanners results (to make them better!)
  ☆27Updated last week
• ossf / Project-Security-Metrics
  Collect, curate, and communicate relevant security metrics for open source projects.
  ☆63Updated last year
• eclipse-jbom / jbom
  ☆122Updated 9 months ago
• advanced-security / secret-scanning-review-action
  Action to detect if a secret is initially detected in a pull request
  ☆19Updated this week
• spdx / spdx-3-model
  The model for the information captured in SPDX version 3 standard.
  ☆97Updated 2 weeks ago
• clearlydefined / service
  The service side of clearlydefined.io
  ☆50Updated this week
• act-project / TAC
  Automating Compliance Tooling Project
  ☆22Updated 4 years ago
• AevaOnline / supply-chain-synthesis
  Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.
  ☆33Updated 2 years ago
• scanoss / engine
  SCANOSS Open Source Inventory Engine
  ☆41Updated this week
• philips-labs / slsa-provenance-action
  Github Action implementation of SLSA Provenance Generation
  ☆50Updated this week
• advanced-security / gh-sbom
  Generate SBOMs with gh CLI
  ☆198Updated 8 months ago
• CycloneDX / sbom-combiner
  Lockheed Martin developed utility to combine multiple CycloneDX SBOMs
  ☆13Updated 3 years ago
• advanced-security / GSSAR
  GitHub Secret Scanning Auto Remediator (GSSAR)
  ☆46Updated last month
• anthonyharrison / sbom-manager
  Manage collection of SBOMs (Software Bill of Materials)
  ☆14Updated last year