ossf / scorecard
OpenSSF Scorecard - Security health metrics for Open Source
☆4,808 · Updated this week
Alternatives and similar repositories for scorecard:
Users that are interested in scorecard are comparing it to the libraries listed below
- GitHub App to set and enforce security policies ☆1,292 · Updated this week
- Supply-chain Levels for Software Artifacts ☆1,621 · Updated this week
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp… ☆2,923 · Updated last week
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems ☆6,703 · Updated this week
- Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. ☆11,325 · Updated this week
- Code signing and transparency for containers and binaries ☆4,768 · Updated this week
- An enterprise friendly way of detecting and preventing secrets in code. ☆3,977 · Updated this week
- The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts. ☆1,728 · Updated this week
- A suite of tools to automate software compliance checks. ☆1,692 · Updated this week
- Vulnerability scanner written in Go which uses the data provided by https://osv.dev ☆6,592 · Updated this week
- Open source vulnerability DB and triage service. ☆1,769 · Updated this week
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆647 · Updated this week
- A vulnerability scanner for container images and filesystems ☆9,527 · Updated this week
- OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for … ☆1,072 · Updated last week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆835 · Updated last year
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,336 · Updated this week
- CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security ☆8,095 · Updated this week
- OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependen… ☆6,788 · Updated this week
- Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start ☆2,854 · Updated 2 months ago
- Tfsec is now part of Trivy ☆6,791 · Updated last month
- Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. ☆4,860 · Updated 3 months ago
- Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks. ☆2,225 · Updated last week
- OSS-Fuzz - continuous fuzzing for open source software. ☆10,883 · Updated this week
- A service that analyzes docker images and scans for vulnerabilities ☆1,588 · Updated 2 years ago
- Gives criticality score for an open source project ☆1,365 · Updated this week
- Hunt for security weaknesses in Kubernetes clusters ☆4,826 · Updated last year
- Open Source Package Analysis ☆824 · Updated last week
- 🦙 MegaLinter analyzes 50 languages, 22 formats, 21 tooling formats, excessive copy-pastes, spelling mistakes and security issues in your… ☆2,079 · Updated this week
- A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles ☆507 · Updated 4 months ago
- A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby ☆739 · Updated this week