ossf / scorecard
OpenSSF Scorecard - Security health metrics for Open Source
☆4,931 Updated this week
Alternatives and similar repositories for scorecard
Users that are interested in scorecard are comparing it to the libraries listed below
- GitHub App to set and enforce security policies ☆1,334 Updated last week
- Supply-chain Levels for Software Artifacts ☆1,674 Updated last week
- Open source vulnerability DB and triage service. ☆1,901 Updated this week
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems ☆7,223 Updated this week
- Code signing and transparency for containers and binaries ☆5,005 Updated this week
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,372 Updated this week
- Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. ☆11,851 Updated this week
- Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. ☆4,956 Updated last month
- Tfsec is now part of Trivy ☆6,836 Updated 2 weeks ago
- Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct… ☆2,387 Updated this week
- Vulnerability scanner written in Go which uses the data provided by https://osv.dev ☆7,487 Updated this week
- A vulnerability scanner for container images and filesystems ☆10,022 Updated this week
- Open Source Package Analysis ☆834 Updated 2 months ago
- 🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more! ☆2,189 Updated 2 weeks ago
- An enterprise friendly way of detecting and preventing secrets in code. ☆4,109 Updated 3 months ago
- Cloud Native Runtime Security ☆8,000 Updated this week
- OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for … ☆1,123 Updated last week
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp… ☆3,098 Updated this week
- Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on p… ☆4,818 Updated 3 weeks ago
- Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an… ☆834 Updated last week
- A static analysis tool for securing Go code ☆2,178 Updated last year
- Boundary enables identity-based access management for dynamic infrastructure. ☆3,930 Updated this week
- Linux Runtime Security and Forensics using eBPF ☆3,922 Updated 2 weeks ago
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets ☆810 Updated 2 months ago
- ClusterFuzzLite - Simple continuous fuzzing that runs in CI. ☆491 Updated 6 months ago
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆572 Updated 2 months ago
- A suite of tools to automate software compliance checks. ☆1,764 Updated this week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆843 Updated last year
- Agile Threat Modeling Toolkit ☆673 Updated last week
- The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope… ☆884 Updated this week