A GitHub App that acts like a Security Token Service (STS) for the Github API
☆313Mar 4, 2026Updated this week
Alternatives and similar repositories for app
Users that are interested in app are comparing it to the libraries listed below
Sorting:
- ☆54Dec 3, 2025Updated 3 months ago
- Scan GitHub Actions Workflow logs for IOCs☆16Feb 27, 2026Updated last week
- A GitHub Action used for publishing an Action to ghcr.io as an OCI container.☆115Aug 8, 2025Updated 7 months ago
- Throw a tag at it and it comes back with a checksum.☆157Updated this week
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene…☆103Apr 23, 2024Updated last year
- Keyless Git signing using Sigstore☆1,067Updated this week
- Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…☆979Feb 28, 2026Updated last week
- CLI to prevent malicious Terraform Providers from being executed. You can define the allow list of Terraform Providers and their versions…☆88Updated this week
- Repository for the Enterprise Certificate Proxy project.☆30Updated this week
- A repository containing a collection of "glue" modules for encapsulating common Cloud Run patterns.☆28Updated this week
- Software Supply Chain Security Platform☆377Updated this week
- Semgrep-based Policy Controller for Kubernetes☆47Apr 4, 2025Updated 11 months ago
- ☆20Feb 5, 2026Updated last month
- GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment☆495Jun 27, 2025Updated 8 months ago
- A tool for securing CI/CD workflows with version pinning.☆883Updated this week
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…☆518Updated this week
- GitHub token permissions Monitor and Advisor actions☆354Jan 31, 2026Updated last month
- GitHub Actions linter☆207Updated this week
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts☆42Feb 28, 2026Updated last week
- #supply #chain #attack #detection☆646Updated this week
- Attaché provides an emulation layer for Cloud Provider IMDS APIs☆60Mar 1, 2026Updated last week
- ## Auto-archived due to inactivity. ## Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Securit…☆37Oct 17, 2024Updated last year
- This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)☆63Aug 4, 2021Updated 4 years ago
- (D)ocker(F)ile (C)onverter: CLI to convert Dockerfiles to use Chainguard Images and APKs in FROM and RUN lines etc.☆99Feb 11, 2026Updated 3 weeks ago
- Cloud Commotion intends to cause chaos to simulate security incidents☆146Jun 18, 2024Updated last year
- Plugin for Helm to integrate the sigstore ecosystem☆68Feb 27, 2026Updated last week
- Language-agnostic SLSA provenance generation for Github Actions☆549Feb 28, 2026Updated last week
- Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments☆142Jan 2, 2025Updated last year
- Build OCI images from APK packages directly without Dockerfile☆1,560Updated this week
- A simple mitmproxy blueprint to intercept HTTPS traffic from app running on Kubernetes☆75Apr 14, 2025Updated 10 months ago
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows☆118Mar 3, 2026Updated last week
- [Experimental] jail for Go modules☆134Mar 2, 2026Updated last week
- ☆29Aug 9, 2024Updated last year
- Static analysis for GitHub Actions☆3,755Updated this week
- GitHub Action to automate versioning, releases, and documentation for Terraform modules in monorepos.☆214Updated this week
- Software Supply Chain Transparency Log☆1,092Updated this week
- 🍺 Alcoholless: lightweight security sandbox for Homebrew, AI agents, etc. on macOS☆143Updated this week
- JIT Groups is an open source application that lets you implement secure, self-service access management for Google Cloud using groups.☆283Updated this week
- Expand IAM Actions with Wildcards☆34Mar 2, 2026Updated last week