Official GitHub Action for OpenSSF Scorecard.
☆390Jun 29, 2026Updated this week
Alternatives and similar repositories for scorecard-action
Users that are interested in scorecard-action are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- OpenSSF Scorecard - Security health metrics for Open Source☆5,557Updated this week
- Orchestrate GitHub Actions Security☆329Jun 10, 2026Updated 3 weeks ago
- Website and API for OpenSSF Scorecard☆28Jun 26, 2026Updated last week
- SLSA level 3 action☆12Apr 26, 2024Updated 2 years ago
- Language-agnostic SLSA provenance generation for Github Actions☆582Mar 29, 2026Updated 3 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…☆1,210Updated this week
- A GitHub Action for detecting vulnerable dependencies and invalid licenses in your PRs☆869Jun 25, 2026Updated last week
- GitHub token permissions Monitor and Advisor actions☆372Jan 31, 2026Updated 5 months ago
- Verify provenance from SLSA compliant builders☆335Mar 9, 2026Updated 3 months ago
- Cosign Github Action☆202Updated this week
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts☆48Jun 23, 2026Updated last week
- Proof-of-concept SLSA provenance generator for GitHub Actions☆99Nov 1, 2022Updated 3 years ago
- Generate a score for your sbom to understand if it will actually be useful.☆240Aug 13, 2024Updated last year
- Action for generating SBOM attestations for workflow artifacts☆45Updated this week
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- GitHub App to set and enforce security policies☆1,433Updated this week
- Play with GHAS API to provide posture data over time☆42Jun 22, 2026Updated last week
- Github Action implementation of SLSA Provenance Generation☆50Jun 22, 2026Updated last week
- GitHub Action to enable automated security updates and open a issue/PR in repos in an org that have dependency files but no dependabot.ya…☆227Jun 25, 2026Updated last week
- Tool for visualizing the Open SSF Scorecard Api data in a human friendly way☆19Jun 22, 2026Updated last week
- Lock Action to support deployment locking for the branch-deploy Action☆57Mar 1, 2026Updated 4 months ago
- Terraform mock provider - Used to configure and test Terraform configuration edge cases and output.☆20Updated this week
- Publish a signed build provenance from your GitHub Actions workflow☆62May 21, 2024Updated 2 years ago
- Sigstore OIDC PKI☆860Updated this week
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- Supply-chain Levels for Software Artifacts☆1,883Jun 23, 2026Updated last week
- GitHub Advanced Security Policy as Code☆105Jun 25, 2026Updated last week
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆73Updated this week
- A GitHub Action that takes SPDX SBOMs and uploads them to GitHub's dependency submission API to power Dependabot alerts☆10Apr 10, 2023Updated 3 years ago
- ☆87May 28, 2026Updated last month
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…☆534Updated this week
- ☆84Apr 26, 2024Updated 2 years ago
- GUAC aggregates software security metadata into a high fidelity graph database.☆1,513Updated this week
- OpenVEX Specification☆185Jan 16, 2026Updated 5 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment☆507Jun 27, 2025Updated last year
- OpenSSF Working Group on Securing Software Repositories☆129Apr 6, 2026Updated 2 months ago
- Manage a uniform team of security managers for every organization in your enterprise☆24Jun 26, 2026Updated last week
- OpenSSF Security Tooling Working Group☆324Jul 6, 2025Updated 11 months ago
- A collection of reusable Github Actions workflows.☆171Updated this week
- Enrich SBOMs with data from third party services☆230May 18, 2026Updated last month
- Keyless Git signing using Sigstore☆1,106Jun 22, 2026Updated last week