ossf / scorecard
OpenSSF Scorecard - Security health metrics for Open Source
☆4,878 Updated this week
Alternatives and similar repositories for scorecard:
Users that are interested in scorecard are comparing it to the libraries listed below
- GitHub App to set and enforce security policies ☆1,302 Updated this week
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems ☆6,940 Updated this week
- Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software. ☆1,865 Updated this week
- Supply-chain Levels for Software Artifacts ☆1,663 Updated this week
- A vulnerability scanner for container images and filesystems ☆9,800 Updated this week
- Open source vulnerability DB and triage service. ☆1,838 Updated last week
- Code signing and transparency for containers and binaries ☆4,899 Updated last week
- Vulnerability scanner written in Go which uses the data provided by https://osv.dev ☆7,376 Updated last week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆839 Updated last year
- Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct… ☆2,285 Updated this week
- Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. ☆4,916 Updated this week
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,355 Updated this week
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp… ☆3,006 Updated this week
- DevSecOps, ASPM, Vulnerability Management. All on one platform. ☆3,992 Updated this week
- Tfsec is now part of Trivy ☆6,814 Updated last week
- 🔐 CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more! ☆2,180 Updated this week
- Linux Runtime Security and Forensics using eBPF ☆3,863 Updated this week
- Hunt for security weaknesses in Kubernetes clusters ☆4,853 Updated last year
- Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more ☆26,126 Updated last week
- CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security ☆8,270 Updated this week
- Cloud Native Runtime Security ☆7,879 Updated this week
- Snyk CLI scans and monitors your projects for security vulnerabilities. ☆5,111 Updated this week
- Open Source Package Analysis ☆833 Updated 3 weeks ago
- OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for … ☆1,105 Updated this week
- validate the structure of your container images ☆2,380 Updated last month
- Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. ☆11,577 Updated this week
- A service that analyzes docker images and scans for vulnerabilities ☆1,586 Updated 2 years ago
- A suite of tools to automate software compliance checks. ☆1,732 Updated this week
- Write tests against structured configuration data using the Open Policy Agent Rego query language ☆2,966 Updated this week
- A tool for securing CI/CD workflows with version pinning. ☆828 Updated last week