ossf / scorecard
OpenSSF Scorecard - Security health metrics for Open Source
☆4,849 Updated this week
Alternatives and similar repositories for scorecard:
Users that are interested in scorecard are comparing it to the libraries listed below
- GitHub App to set and enforce security policies ☆1,296 Updated this week
- Code signing and transparency for containers and binaries ☆4,848 Updated last week
- Supply-chain Levels for Software Artifacts ☆1,648 Updated this week
- Open source vulnerability DB and triage service. ☆1,807 Updated this week
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems ☆6,835 Updated this week
- Tfsec is now part of Trivy ☆6,805 Updated 2 months ago
- Find secrets with Gitleaks 🔑 ☆19,546 Updated this week
- 🔐 CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more! ☆2,169 Updated last week
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,353 Updated this week
- A vulnerability scanner for container images and filesystems ☆9,692 Updated this week
- Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. ☆4,895 Updated 4 months ago
- Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. ☆11,472 Updated this week
- Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more ☆25,434 Updated last week
- Boundary enables identity-based access management for dynamic infrastructure. ☆3,914 Updated this week
- Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct… ☆2,266 Updated this week
- Vulnerability Static Analysis for Containers ☆10,584 Updated this week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆837 Updated last year
- Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and priva… ☆1,978 Updated this week
- CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security ☆8,230 Updated this week
- Open Source Package Analysis ☆828 Updated this week
- Actions for running CodeQL analysis ☆1,240 Updated this week
- An enterprise friendly way of detecting and preventing secrets in code. ☆4,023 Updated last month
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp… ☆2,982 Updated this week
- A suite of tools to automate software compliance checks. ☆1,711 Updated this week
- Snyk CLI scans and monitors your projects for security vulnerabilities. ☆5,093 Updated this week
- Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start ☆2,876 Updated 3 months ago
- Vulnerability scanner written in Go which uses the data provided by https://osv.dev ☆7,319 Updated this week
- InSpec: Auditing and Testing Framework ☆2,905 Updated this week
- Software Supply Chain Transparency Log ☆948 Updated last week
- Gives criticality score for an open source project ☆1,367 Updated this week