ossf / scorecard
OpenSSF Scorecard - Security health metrics for Open Source
☆4,727 Updated this week
Alternatives and similar repositories for scorecard:
Users who are interested in scorecard are comparing it to the libraries listed below.
- Supply-chain Levels for Software Artifacts ☆1,580 Updated this week
- GitHub App to set and enforce security policies ☆1,269 Updated this week
- Open source vulnerability DB and triage service. ☆1,583 Updated this week
- Code signing and transparency for containers and binaries ☆4,647 Updated this week
- Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct… ☆2,140 Updated this week
- Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. ☆4,802 Updated last month
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems ☆6,491 Updated this week
- Vulnerability scanner written in Go which uses the data provided by https://osv.dev ☆6,373 Updated this week
- Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. ☆10,898 Updated this week
- A vulnerability scanner for container images and filesystems ☆9,243 Updated this week
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,314 Updated this week
- Tfsec is now part of Trivy ☆6,746 Updated this week
- Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more ☆24,373 Updated this week
- Open Source Package Analysis ☆805 Updated this week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆822 Updated last year
- An enterprise friendly way of detecting and preventing secrets in code. ☆3,887 Updated last week
- Boundary enables identity-based access management for dynamic infrastructure. ☆3,880 Updated this week
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp… ☆2,786 Updated this week
- 🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more! ☆2,123 Updated this week
- RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security… ☆2,647 Updated last month
- A service that analyzes docker images and scans for vulnerabilities ☆1,587 Updated last year
- The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts. ☆1,677 Updated this week
- Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powere… ☆3,113 Updated this week
- Cloud native secrets management for developers - never leave your command line for secrets. ☆2,925 Updated 5 months ago
- 🤖 Dependabot's core logic for creating update PRs. ☆4,807 Updated this week
- A suite of tools to automate software compliance checks. ☆1,645 Updated this week
- Detect, track and alert on infrastructure drift ☆2,495 Updated last week
- Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks. ☆2,144 Updated this week
- OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for … ☆1,048 Updated last month