ossf / scorecard
OpenSSF Scorecard - Security health metrics for Open Source
☆5,118, updated this week
Alternatives and similar repositories for scorecard
Users who are interested in scorecard are comparing it to the libraries listed below.
- GitHub App to set and enforce security policies (☆1,366, updated this week)
- Supply-chain Levels for Software Artifacts (☆1,742, updated last week)
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems (☆7,877, updated this week)
- Open source vulnerability DB and triage service. (☆2,352, updated this week)
- GUAC aggregates software security metadata into a high fidelity graph database. (☆1,413, updated last week)
- A suite of tools to automate software compliance checks. (☆1,839, updated this week)
- Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct… (☆2,498, updated this week)
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp… (☆3,308, updated last week)
- A vulnerability scanner for container images and filesystems (☆10,915, updated this week)
- Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software. (☆2,024, updated this week)
- The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts. (☆1,909, updated this week)
- Open Source Package Analysis (☆855, updated 6 months ago)
- Tfsec is now part of Trivy (☆6,913, updated 2 weeks ago)
- Code signing and transparency for containers and binaries (☆5,341, updated last week)
- Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. (☆5,180, updated 3 months ago)
- Vulnerability scanner written in Go which uses the data provided by https://osv.dev (☆7,965, updated this week)
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… (☆852, updated 2 years ago)
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… (☆808, updated this week)
- Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start (☆3,076, updated 9 months ago)
- OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for … (☆1,176, updated 3 weeks ago)
- CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security (☆8,859, updated this week)
- 🔐 CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more! (☆2,231, updated 2 weeks ago)
- Gives criticality score for an open source project (☆1,405, updated 6 months ago)
- Boundary enables identity-based access management for dynamic infrastructure. (☆3,954, updated this week)
- RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security… (☆2,826, updated 2 weeks ago)
- 🔎 Static code analysis engine to find security issues in code. (☆1,794, updated this week)
- Multi-Cloud Security Auditing Tool (☆7,398, updated last month)
- Agile Threat Modeling Toolkit (☆706, updated 2 months ago)
- Cloud Security Posture Management (CSPM) (☆3,625, updated 3 weeks ago)
- Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an… (☆902, updated last week)