Alternatives and similar repositories for scorecard

Users that are interested in scorecard are comparing it to the libraries listed below

• ossf / allstar

  View on GitHub
  GitHub App to set and enforce security policies
  ☆1,391Feb 9, 2026Updated last week
• anchore / syft

  View on GitHub
  CLI tool and library for generating a Software Bill of Materials from container images and filesystems
  ☆8,362Feb 11, 2026Updated last week
• slsa-framework / slsa

  View on GitHub
  Supply-chain Levels for Software Artifacts
  ☆1,809Updated this week
• sigstore / cosign

  View on GitHub
  Code signing and transparency for containers and binaries
  ☆5,649Updated this week
• anchore / grype

  View on GitHub
  A vulnerability scanner for container images and filesystems
  ☆11,571Updated this week
• aquasecurity / trivy

  View on GitHub
  Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  ☆31,904Updated this week
• ossf / scorecard-action

  View on GitHub
  Official GitHub Action for OpenSSF Scorecard.
  ☆356Feb 10, 2026Updated last week
• guacsec / guac

  View on GitHub
  GUAC aggregates software security metadata into a high fidelity graph database.
  ☆1,446Updated this week
• google / osv-scanner

  View on GitHub
  Vulnerability scanner written in Go which uses the data provided by https://osv.dev
  ☆8,461Updated this week
• semgrep / semgrep

  View on GitHub
  Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
  ☆14,137Updated this week
• kubescape / kubescape

  View on GitHub
  Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security…
  ☆11,188Updated this week
• aquasecurity / tfsec

  View on GitHub
  Tfsec is now part of Trivy
  ☆6,952Nov 10, 2025Updated 3 months ago
• falcosecurity / falco

  View on GitHub
  Cloud Native Runtime Security
  ☆8,653Updated this week
• tenable / terrascan

  View on GitHub
  Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  ☆5,201Nov 20, 2025Updated 2 months ago
• sigstore / rekor

  View on GitHub
  Software Supply Chain Transparency Log
  ☆1,078Feb 10, 2026Updated last week
• prowler-cloud / prowler

  View on GitHub
  Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud envir…
  ☆12,983Updated this week
• google / osv.dev

  View on GitHub
  Open source vulnerability DB and triage service.
  ☆2,485Updated this week
• gitleaks / gitleaks

  View on GitHub
  Find secrets with Gitleaks 🔑
  ☆24,879Jan 8, 2026Updated last month
• trufflesecurity / trufflehog

  View on GitHub
  Find, verify, and analyze leaked credentials
  ☆24,575Updated this week
• DependencyTrack / dependency-track

  View on GitHub
  Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…
  ☆3,599Updated this week
• cncf / tag-security

  View on GitHub
  🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
  ☆2,256Dec 8, 2025Updated 2 months ago
• quay / clair

  View on GitHub
  Vulnerability Static Analysis for Containers
  ☆10,928Updated this week
• ossf / package-analysis

  View on GitHub
  Open Source Package Analysis
  ☆863Apr 16, 2025Updated 10 months ago
• ossf / wg-best-practices-os-developers

  View on GitHub
  The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope…
  ☆989Updated this week
• sigstore / gitsign

  View on GitHub
  Keyless Git signing using Sigstore
  ☆1,060Updated this week
• Checkmarx / kics

  View on GitHub
  Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct…
  ☆2,572Feb 10, 2026Updated last week
• google / oss-fuzz

  View on GitHub
  OSS-Fuzz - continuous fuzzing for open source software.
  ☆11,900Updated this week
• open-policy-agent / opa

  View on GitHub
  Open Policy Agent (OPA) is an open source, general-purpose policy engine.
  ☆11,219Updated this week
• aquasecurity / tracee

  View on GitHub
  Linux Runtime Security and Forensics using eBPF
  ☆4,362Feb 9, 2026Updated last week
• securego / gosec

  View on GitHub
  Go security checker
  ☆8,674Updated this week
• aquasecurity / kube-bench

  View on GitHub
  Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
  ☆7,940Updated this week
• dagger / dagger

  View on GitHub
  Automation engine to build, test and ship any codebase. Runs locally, in CI, or directly in the cloud
  ☆15,427Updated this week
• in-toto / in-toto

  View on GitHub
  in-toto is a framework to protect supply chain integrity.
  ☆973Feb 11, 2026Updated last week
• praetorian-inc / gokart

  View on GitHub
  A static analysis tool for securing Go code
  ☆2,167Jan 23, 2024Updated 2 years ago
• step-security / harden-runner

  View on GitHub
  Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…
  ☆962Feb 8, 2026Updated last week
• in-toto / witness

  View on GitHub
  Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…
  ☆514Updated this week
• getsops / sops

  View on GitHub
  Simple and flexible tool for managing secrets
  ☆20,784Updated this week
• cloudquery / cloudquery

  View on GitHub
  Data pipelines for cloud config and security data. Build cloud asset inventory, CSPM, FinOps, and vulnerability management solutions. Ext…
  ☆6,321Feb 9, 2026Updated last week
• infracost / infracost

  View on GitHub
  Cloud cost estimates for Terraform in pull requests💰📉 Shift FinOps Left!
  ☆12,164Feb 10, 2026Updated last week