meta-fun / awesome-software-supply-chain-security

Related projects: ⓘ

• IBM / sbom-utility
  This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility
  ☆61Updated last year
• anchore / vunnel
  Tool for collecting vulnerability data from various sources (used to build the grype database)
  ☆69Updated this week
• pbom-dev / OSCAR
  A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain
  ☆85Updated 7 months ago
• CycloneDX / sbom-utility
  Utility that provides an API platform for validating, querying and managing BOM data
  ☆88Updated last month
• ocurity / dracon
  Security scanning & static analysis tool - forked and rewritten from @thought-machine/dracon
  ☆70Updated this week
• chainguard-dev / bom-shelter
  A place to systematically store software bill of materials (SBOM) documents.
  ☆42Updated last year
• openvex / spec
  OpenVEX Specification
  ☆125Updated 2 months ago
• CycloneDX / cyclonedx-bom-repo-server
  A BOM repository server for distributing CycloneDX BOMs
  ☆73Updated 6 months ago
• ossf / package-feeds
  Feed parsing for language package manager updates
  ☆71Updated this week
• bomctl / bomctl
  Format agnostic SBOM tooling
  ☆63Updated this week
• chainguard-dev / self-attestation
  Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form.
  ☆20Updated last year
• cloud-native-security-controls / controls-catalog
  ☆16Updated 4 months ago
• chainguard-dev / vex
  vexctl is a tool to attest VEX impact statements
  ☆44Updated last year
• iriusrisk / startleft
  StartLeft is an automation tool for generating Threat Models written in the Open Threat Model (OTM) format from a variety of different so…
  ☆47Updated this week
• vishalgarg-sec / Software-Supply-Chain-Security
  A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…
  ☆123Updated 7 months ago
• iriusrisk / OpenThreatModel
  The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.
  ☆165Updated 7 months ago
• rusakovichma / TicTaaC
  Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. …
  ☆54Updated 2 months ago
• praetorian-inc / snowcat
  a tool to audit the istio service mesh
  ☆173Updated 2 years ago
• chainguard-dev / bomshell
  An SBOM query language and associated utilities
  ☆54Updated 7 months ago
• DependencyTrack / gh-upload-sbom
  Publishes BOMs to Dependency-Track from GitHub Actions
  ☆41Updated 3 weeks ago
• crashappsec / github-analyzer
  A tool to check the security settings of Github Organizations.
  ☆68Updated last year
• openvex / vexctl
  A tool to create, transform and attest VEX metadata
  ☆109Updated last week
• VexStore / fatbom
  fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…
  ☆32Updated last year
• spdx / spdx-to-osv
  Produce an Open Source Vulnerability JSON file based on information in an SPDX document
  ☆60Updated 3 months ago
• OWASP / www-project-devsecops-maturity-model
  OWASP Foundation Web Respository
  ☆52Updated last year
• tacosframework / TACOS-spec
  TACOS framework structural details
  ☆19Updated 9 months ago
• OWASP / Software-Component-Verification-Standard
  Software Component Verification Standard (SCVS)
  ☆133Updated 5 months ago
• snyk / parlay
  Enrich SBOMs with data from third party services
  ☆108Updated 3 weeks ago
• CycloneDX / license-scanner
  Utility that provides an API and CLI to identify licenses and legal terms
  ☆43Updated 3 months ago
• Threagile / run-threagile-action
  GitHub action to run Threagile, the agile threat modeling toolkit, on a repo's threagile.yaml file
  ☆13Updated 4 months ago