Alternatives and similar repositories for scorecard:

Users that are interested in scorecard are comparing it to the libraries listed below

• ossf / allstar
  GitHub App to set and enforce security policies
  ☆1,296Updated this week
• sigstore / cosign
  Code signing and transparency for containers and binaries
  ☆4,848Updated last week
• slsa-framework / slsa
  Supply-chain Levels for Software Artifacts
  ☆1,648Updated this week
• google / osv.dev
  Open source vulnerability DB and triage service.
  ☆1,807Updated this week
• anchore / syft
  CLI tool and library for generating a Software Bill of Materials from container images and filesystems
  ☆6,835Updated this week
• aquasecurity / tfsec
  Tfsec is now part of Trivy
  ☆6,805Updated 2 months ago
• gitleaks / gitleaks
  Find secrets with Gitleaks 🔑
  ☆19,546Updated this week
• cncf / tag-security
  🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
  ☆2,169Updated last week
• guacsec / guac
  GUAC aggregates software security metadata into a high fidelity graph database.
  ☆1,353Updated this week
• anchore / grype
  A vulnerability scanner for container images and filesystems
  ☆9,692Updated this week
• tenable / terrascan
  Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  ☆4,895Updated 4 months ago
• semgrep / semgrep
  Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
  ☆11,472Updated this week
• aquasecurity / trivy
  Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  ☆25,434Updated last week
• hashicorp / boundary
  Boundary enables identity-based access management for dynamic infrastructure.
  ☆3,914Updated this week
• Checkmarx / kics
  Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct…
  ☆2,266Updated this week
• quay / clair
  Vulnerability Static Analysis for Containers
  ☆10,584Updated this week
• ShiftLeftSecurity / sast-scan
  Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…
  ☆837Updated last year
• thoughtworks / talisman
  Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and priva…
  ☆1,978Updated this week
• github / codeql
  CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
  ☆8,230Updated this week
• ossf / package-analysis
  Open Source Package Analysis
  ☆828Updated this week
• github / codeql-action
  Actions for running CodeQL analysis
  ☆1,240Updated this week
• Yelp / detect-secrets
  An enterprise friendly way of detecting and preventing secrets in code.
  ☆4,023Updated last month
• DependencyTrack / dependency-track
  Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…
  ☆2,982Updated this week
• oss-review-toolkit / ort
  A suite of tools to automate software compliance checks.
  ☆1,711Updated this week
• snyk / cli
  Snyk CLI scans and monitors your projects for security vulnerabilities.
  ☆5,093Updated this week
• goodwithtech / dockle
  Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
  ☆2,876Updated 3 months ago
• google / osv-scanner
  Vulnerability scanner written in Go which uses the data provided by https://osv.dev
  ☆7,319Updated this week
• inspec / inspec
  InSpec: Auditing and Testing Framework
  ☆2,905Updated this week
• sigstore / rekor
  Software Supply Chain Transparency Log
  ☆948Updated last week
• ossf / criticality_score
  Gives criticality score for an open source project
  ☆1,367Updated this week