ossf / package-manager-best-practicesLinks
Collection of security best practices for package managers.
☆162Updated 2 years ago
Alternatives and similar repositories for package-manager-best-practices
Users that are interested in package-manager-best-practices are comparing it to the libraries listed below
Sorting:
- Find security vulnerabilities in open source npm packages while you code☆206Updated 3 years ago
- ESLint plugin to detect and stop Trojan Source attacks☆77Updated 2 years ago
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆121Updated 4 months ago
- Custom ESLint rule to disallows unsafe innerHTML, outerHTML, insertAdjacentHTML and alike☆238Updated 3 weeks ago
- ☆132Updated 2 weeks ago
- Orchestrate GitHub Actions Security☆285Updated last week
- GitHub action to generate a CycloneDX SBOM for Node.js☆22Updated 4 months ago
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts☆35Updated 3 weeks ago
- Lint an npm or yarn lockfile to analyze and detect security issues☆798Updated last month
- creates CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects☆128Updated last week
- JavaScript code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oas…☆28Updated last year
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆194Updated 2 months ago
- Code-signing for npm packages☆162Updated 2 weeks ago
- Official GitHub Action for OpenSSF Scorecard.☆308Updated this week
- proxy designed to reduce the attack surface of npm publish☆116Updated last month
- GitHub token permissions Monitor and Advisor actions☆294Updated 2 weeks ago
- ☆49Updated 2 weeks ago
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆185Updated last year
- Security advisories for Node.js and the JavaScript ecosystem.☆41Updated 4 years ago
- JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.☆252Updated this week
- Generate a score for your sbom to understand if it will actually be useful.☆229Updated 9 months ago
- Do you have a boatload of speaking gigs? Use this CLI to manage them all!☆35Updated 2 years ago
- ESLint Plugin focused on common security issues and misconfigurations.☆43Updated 3 months ago
- Generate SBOMs with gh CLI☆185Updated last week
- Create CycloneDX Software Bill of Materials (SBOM) from Node.js NPM projects.☆88Updated this week
- Configurable linter for package.json files☆236Updated 3 weeks ago
- A tool to check the security settings of Github Organizations.☆71Updated last year
- Programmatically fetch security vulnerabilities with one or many strategies (NPM Audit, Sonatype, Snyk, Node.js DB).☆30Updated this week
- Action for generating SBOM attestations for workflow artifacts☆31Updated this week
- Security & License Compliance For Your App's Dependencies 🪱☆474Updated 9 months ago