ossf / scorecardLinks
OpenSSF Scorecard - Security health metrics for Open Source
☆4,951Updated this week
Alternatives and similar repositories for scorecard
Users that are interested in scorecard are comparing it to the libraries listed below
Sorting:
- GitHub App to set and enforce security policies☆1,340Updated this week
- Open source vulnerability DB and triage service.☆1,908Updated last week
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems☆7,271Updated this week
- Supply-chain Levels for Software Artifacts☆1,682Updated this week
- GUAC aggregates software security metadata into a high fidelity graph database.☆1,376Updated this week
- Code signing and transparency for containers and binaries☆5,025Updated this week
- Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct…☆2,398Updated this week
- Open Source Package Analysis☆834Updated 2 months ago
- Tfsec is now part of Trivy☆6,844Updated last month
- Cloud Security Posture Management (CSPM)☆3,551Updated last week
- Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.☆4,968Updated last month
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…☆846Updated last year
- Hunt for security weaknesses in Kubernetes clusters☆4,888Updated last year
- A vulnerability scanner for container images and filesystems☆10,166Updated this week
- Cloud Native Runtime Security☆8,019Updated last week
- Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dock…☆991Updated last year
- Boundary enables identity-based access management for dynamic infrastructure.☆3,930Updated this week
- Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.☆11,947Updated this week
- Cloud native secrets management for developers - never leave your command line for secrets.☆3,057Updated 11 months ago
- A service that analyzes docker images and scans for vulnerabilities☆1,587Updated 2 years ago
- OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for …☆1,134Updated 2 weeks ago
- Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start☆2,935Updated 5 months ago
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…☆3,117Updated last week
- Checklist for container security - devsecops practices☆1,576Updated last year
- Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.☆1,905Updated this week
- 🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!☆2,191Updated 3 weeks ago
- CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security☆8,464Updated this week
- Software Supply Chain Transparency Log☆974Updated this week
- Multi-Cloud Security Auditing Tool☆7,204Updated 7 months ago
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities☆571Updated 3 months ago