Alternatives and similar repositories for platform

Users that are interested in platform are comparing it to the libraries listed below

• in-toto / witness
  Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…
  ☆487Updated this week
• cloud-native-security-controls / controls-catalog
  ☆16Updated last year
• CycloneDX / cyclonedx-bom-repo-server
  A BOM repository server for distributing CycloneDX BOMs
  ☆77Updated last year
• in-toto / attestation
  in-toto Attestation Framework
  ☆279Updated last week
• FedRAMP / rfcs
  FedRAMP Requests For Comments (RFCs)
  ☆18Updated this week
• notaryproject / notation
  A CLI tool to sign and verify artifacts
  ☆413Updated last week
• elinesterov / awesome-spiffe-spire
  Curated list of SPIFFE and SPIRE resources
  ☆56Updated 2 years ago
• elastic / csp-security-policies
  Cloud Security Posture security policies
  ☆31Updated 9 months ago
• in-toto / go-witness
  Go implementation of witness
  ☆37Updated this week
• guacsec / guac-visualizer
  Visualizer for GUAC
  ☆28Updated 3 weeks ago
• defenseunicorns / lula
  The Compliance Validator
  ☆180Updated this week
• awslabs / security-hub-compliance-analyzer
  A compliance analysis tool which enables organizations to more quickly articulate their compliance posture and also generate supporting e…
  ☆45Updated last month
• wiz-sec-public / namespacehound
  NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.
  ☆100Updated 5 months ago
• buildsec / frsca
  ☆237Updated last week
• mondoohq / cnspec
  An open source, cloud-native security to protect everything from build to runtime
  ☆303Updated this week
• spiffe / spire-tutorials
  ☆100Updated 2 months ago
• open-telemetry / sig-security
  ☆12Updated this week
• wiz-sec-public / peach-framework
  PEACH - a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, by managing the attack surface exposed by use…
  ☆71Updated 2 years ago
• threatcl / threatcl
  Documenting your Threat Models with HCL
  ☆431Updated 3 weeks ago
• in-toto / archivista
  Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…
  ☆98Updated this week
• notaryproject / ratify
  Artifact Ratification Framework (CNCF Sandbox)
  ☆267Updated this week
• someengineering / cloud-security-list
  A list of cloud security tools and vendors.
  ☆169Updated 9 months ago
• ckotzbauer / sbom-operator
  Catalogue all images of a Kubernetes cluster to multiple targets with Syft
  ☆202Updated last week
• bgeesaman / malicious-compliance
  Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"
  ☆67Updated last year
• spdx / ntia-conformance-checker
  Check SPDX SBOM for NTIA minimum elements
  ☆64Updated last week
• CycloneDX / transparency-exchange-api
  A standard API specification for exchanging supply chain artifacts and intelligence
  ☆82Updated this week
• jetstack / tally
  ☆14Updated last year
• anchore / vunnel
  Tool for collecting vulnerability data from various sources (used to build the grype database)
  ☆99Updated this week
• PQCA / cbomkit
  A toolset for dealing with Cryptography Bill of Materials (CBOM)
  ☆32Updated this week
• chainguard-dev / vex
  vexctl is a tool to attest VEX impact statements
  ☆44Updated 2 years ago