Machine-readable specification for the attestation of security-relevant data.
☆73Feb 24, 2026Updated 3 weeks ago
Alternatives and similar repositories for security-insights
Users that are interested in security-insights are comparing it to the libraries listed below
Sorting:
- Privateer is a plugin-based framework for security & compliance evaluations.☆18Updated this week
- A CLI tool for creating secure by design/default source repos.☆28Jul 29, 2024Updated last year
- ORBIT: Open Resources for Baselines, Interoperability, and Tooling☆21Updated this week
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.☆33Apr 4, 2023Updated 2 years ago
- ☆76Dec 10, 2025Updated 3 months ago
- Technical Advisory Council☆136Mar 4, 2026Updated 2 weeks ago
- Supply Chain Query Tool☆13May 25, 2022Updated 3 years ago
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆112Feb 28, 2026Updated 3 weeks ago
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts☆44Feb 28, 2026Updated 3 weeks ago
- Centralized Reusable GitHub Actions☆19Updated this week
- A functional type system for policy inspection, audit and enforcement.☆14Aug 17, 2023Updated 2 years ago
- Minimizing rework for governance activities.☆46Updated this week
- ☆102Sep 27, 2024Updated last year
- ☆50Updated this week
- A community collection of security reviews of open source software components.☆98Feb 29, 2024Updated 2 years ago
- A standard API specification for exchanging supply chain artifacts and intelligence☆103Mar 13, 2026Updated last week
- ☆23Oct 26, 2021Updated 4 years ago
- PURL to CPE Relationship mapping project.☆111Updated this week
- The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope…☆999Updated this week
- OpenVEX Specification☆169Jan 16, 2026Updated 2 months ago
- Stakeholder-Specific Vulnerability Categorization☆176Updated this week
- SBOM Search - Context aware search in SBOM repositories☆30Nov 24, 2025Updated 3 months ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆214Feb 4, 2026Updated last month
- GitHub Action that given an organization or repository, produces information about the contributors over the specified time period.☆145Updated this week
- Source for official CVE Program policy documents.☆18Jan 28, 2026Updated last month
- ☆16Updated this week
- Tool for visualizing the Open SSF Scorecard Api data in a human friendly way☆19Nov 27, 2025Updated 3 months ago
- ☆147Updated this week
- A Python client for the Global CVE Allocation System.☆17Jan 31, 2026Updated last month
- Build, edit, validate, and export CycloneDX BOMs through an intuitive browser-based interface☆15Mar 13, 2026Updated last week
- This repository stores meetings minutes for the SPDX project☆40Mar 10, 2026Updated last week
- A tiny tool for embedding CoSWID tags in EFI binaries☆26Updated this week
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆135Nov 15, 2025Updated 4 months ago
- A universal SBOM representation in protocol buffers☆320Mar 2, 2026Updated 2 weeks ago
- Sigstore user stories☆31Aug 25, 2023Updated 2 years ago
- Everything you ever wanted to know about the CRA and its implementation☆162Updated this week
- ☆31Updated this week
- Mattermost builder☆11Jan 1, 2022Updated 4 years ago
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…☆519Updated this week