Alternatives and similar repositories for criticality_score

Users that are interested in criticality_score are comparing it to the libraries listed below

• ossf / allstar
  GitHub App to set and enforce security policies
  ☆1,338Updated this week
• ossf / wg-securing-critical-projects
  Helping allocate resources to secure the critical open source projects we all depend on.
  ☆356Updated last month
• package-url / purl-spec
  A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
  ☆791Updated last week
• slsa-framework / slsa
  Supply-chain Levels for Software Artifacts
  ☆1,682Updated this week
• ossf / scorecard
  OpenSSF Scorecard - Security health metrics for Open Source
  ☆4,940Updated this week
• tern-tools / tern
  Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dock…
  ☆990Updated last year
• guacsec / guac
  GUAC aggregates software security metadata into a high fidelity graph database.
  ☆1,373Updated this week
• CycloneDX / specification
  OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…
  ☆402Updated last week
• awesomeSBOM / awesome-sbom
  A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
  ☆532Updated last month
• ossf / scorecard-action
  Official GitHub Action for OpenSSF Scorecard.
  ☆312Updated this week
• oss-review-toolkit / ort
  A suite of tools to automate software compliance checks.
  ☆1,769Updated this week
• ossf / package-analysis
  Open Source Package Analysis
  ☆833Updated 2 months ago
• sigstore / sigstore
  Common go library shared across sigstore services and clients
  ☆485Updated last week
• step-security / harden-runner
  Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…
  ☆837Updated this week
• mahmoud / calver
  📅 The web's go-to resource for Calendar Versioning info.
  ☆531Updated last year
• in-toto / in-toto
  in-toto is a framework to protect supply chain integrity.
  ☆934Updated last month
• google / clusterfuzzlite
  ClusterFuzzLite - Simple continuous fuzzing that runs in CI.
  ☆492Updated 6 months ago
• trailofbits / it-depends
  A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie…
  ☆364Updated 6 months ago
• ossf / wg-security-tooling
  OpenSSF Security Tooling Working Group
  ☆311Updated last year
• fossas / fossa-cli
  Fast, portable and reliable dependency analysis for any codebase. Supports license & vulnerability scanning for large monoliths. Langua…
  ☆1,399Updated this week
• coreinfrastructure / best-practices-badge
  🏆Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)
  ☆1,273Updated last week
• chaoss / grimoirelab
  GrimoireLab: platform for software development analytics and insights
  ☆537Updated last week
• spdx / spdx-spec
  The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.
  ☆328Updated last week
• google / deps.dev
  Resources for the deps.dev API
  ☆325Updated last week
• ossf / wg-supply-chain-integrity
  Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …
  ☆184Updated last year
• sigstore / rekor
  Software Supply Chain Transparency Log
  ☆973Updated last week
• step-security / secure-repo
  Orchestrate GitHub Actions Security
  ☆289Updated 3 weeks ago
• github / codeql-action
  Actions for running CodeQL analysis
  ☆1,288Updated this week
• github / MVG
  MVG = Minimum Viable Governance
  ☆399Updated last year
• google / licenseclassifier
  A License Classifier
  ☆329Updated 4 months ago