ossf / scorecard
OpenSSF Scorecard - Security health metrics for Open Source
☆4,773 Updated this week
Alternatives and similar repositories for scorecard:
Users who are interested in scorecard are comparing it to the libraries listed below.
- GitHub App to set and enforce security policies ☆1,279 Updated this week
- Open source vulnerability DB and triage service. ☆1,741 Updated this week
- Supply-chain Levels for Software Artifacts ☆1,602 Updated last week
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems ☆6,604 Updated this week
- Open Source Package Analysis ☆820 Updated 2 weeks ago
- Code signing and transparency for containers and binaries ☆4,725 Updated this week
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp… ☆2,872 Updated this week
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,326 Updated this week
- Vulnerability scanner written in Go which uses the data provided by https://osv.dev ☆6,533 Updated this week
- A suite of tools to automate software compliance checks. ☆1,678 Updated this week
- Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software. ☆1,811 Updated this week
- Gives criticality score for an open source project ☆1,359 Updated this week
- Tfsec is now part of Trivy ☆6,772 Updated this week
- Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. ☆11,164 Updated this week
- 🔐 CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more! ☆2,138 Updated this week
- Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct… ☆2,200 Updated this week
- A vulnerability scanner for container images and filesystems ☆9,401 Updated this week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆827 Updated last year
- Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. ☆4,838 Updated 2 months ago
- Vulnerability Static Analysis for Containers ☆10,508 Updated last week
- Support CI generation of SBOMs via golang tooling. ☆421 Updated last month
- The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope… ☆817 Updated this week
- Checklist for container security - devsecops practices ☆1,544 Updated last year
- An enterprise friendly way of detecting and preventing secrets in code. ☆3,946 Updated 2 weeks ago
- Linux Runtime Security and Forensics using eBPF ☆3,768 Updated this week
- Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more ☆24,739 Updated this week
- Cloud Native Runtime Security ☆7,620 Updated this week
- A Pythonic framework for threat modeling ☆959 Updated this week
- A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby ☆734 Updated this week
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets ☆793 Updated last month