Official GitHub Action for OpenSSF Scorecard.
☆361Feb 10, 2026Updated 3 weeks ago
Alternatives and similar repositories for scorecard-action
Users that are interested in scorecard-action are comparing it to the libraries listed below
Sorting:
- OpenSSF Scorecard - Security health metrics for Open Source☆5,283Feb 25, 2026Updated last week
- Orchestrate GitHub Actions Security☆305Jan 16, 2026Updated last month
- Website and API for OpenSSF Scorecard☆28Feb 20, 2026Updated last week
- A GitHub Action for detecting vulnerable dependencies and invalid licenses in your PRs☆790Updated this week
- Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…☆966Feb 26, 2026Updated last week
- Language-agnostic SLSA provenance generation for Github Actions☆549Updated this week
- GitHub token permissions Monitor and Advisor actions☆353Jan 31, 2026Updated last month
- Proof-of-concept SLSA provenance generator for GitHub Actions☆100Nov 1, 2022Updated 3 years ago
- Cosign Github Action☆187Jan 26, 2026Updated last month
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts☆42Updated this week
- Generate a score for your sbom to understand if it will actually be useful.☆238Aug 13, 2024Updated last year
- Action for generating SBOM attestations for workflow artifacts☆43Updated this week
- Verify provenance from SLSA compliant builders☆310Nov 20, 2025Updated 3 months ago
- Publish a signed build provenance from your GitHub Actions workflow☆63May 21, 2024Updated last year
- Play with GHAS API to provide posture data over time☆41Feb 23, 2026Updated last week
- GitHub Action to enable automated security updates and open a issue/PR in repos in an org that have dependency files but no dependabot.ya…☆221Updated this week
- GitHub App to set and enforce security policies☆1,392Updated this week
- A GitHub Action that takes SPDX SBOMs and uploads them to GitHub's dependency submission API to power Dependabot alerts☆10Apr 10, 2023Updated 2 years ago
- GitHub Advance Security Compliance Action☆134Dec 14, 2022Updated 3 years ago
- Lock Action to support deployment locking for the branch-deploy Action☆54Updated this week
- Sigstore OIDC PKI☆810Updated this week
- Keyless Git signing using Sigstore☆1,066Updated this week
- SLSA level 3 action☆11Apr 26, 2024Updated last year
- Supply-chain Levels for Software Artifacts☆1,814Feb 20, 2026Updated last week
- GUAC aggregates software security metadata into a high fidelity graph database.☆1,450Feb 25, 2026Updated last week
- Enrich SBOMs with data from third party services☆220Feb 11, 2026Updated 3 weeks ago
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…☆517Feb 25, 2026Updated last week
- OpenSSF Security Tooling Working Group☆320Jul 6, 2025Updated 7 months ago
- Action for generating build provenance attestations for workflow artifacts☆895Updated this week
- Tool for visualizing the Open SSF Scorecard Api data in a human friendly way☆19Nov 27, 2025Updated 3 months ago
- OpenVEX Specification☆168Jan 16, 2026Updated last month
- Action for generating attestations for workflow artifacts☆74Updated this week
- A collection of reusable Github Actions workflows.☆159Updated this week
- mdast extension to parse and serialize GFM tables☆15Oct 19, 2023Updated 2 years ago
- GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment☆495Jun 27, 2025Updated 8 months ago
- A tool for securing CI/CD workflows with version pinning.☆883Jun 27, 2025Updated 8 months ago
- Code signing and transparency for containers and binaries☆5,683Feb 26, 2026Updated last week
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆72Updated this week
- OpenSSF Working Group on Securing Software Repositories☆128Dec 18, 2025Updated 2 months ago