Machine-readable specification for the attestation of security-relevant data.
☆72Feb 24, 2026Updated this week
Alternatives and similar repositories for security-insights
Users that are interested in security-insights are comparing it to the libraries listed below
Sorting:
- A CLI tool for creating secure by design/default source repos.☆28Jul 29, 2024Updated last year
- Privateer is a plugin-based framework to validate the status of deployed resources.☆18Updated this week
- Supply Chain Query Tool☆13May 25, 2022Updated 3 years ago
- A functional type system for policy inspection, audit and enforcement.☆13Aug 17, 2023Updated 2 years ago
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.☆33Apr 4, 2023Updated 2 years ago
- Technical Advisory Council☆135Feb 17, 2026Updated last week
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆110Updated this week
- ORBIT: Open Resources for Baselines, Interoperability, and Tooling☆21Updated this week
- ☆49Updated this week
- Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security☆149Dec 19, 2025Updated 2 months ago
- A standard API specification for exchanging supply chain artifacts and intelligence☆100Feb 20, 2026Updated last week
- ☆102Sep 27, 2024Updated last year
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts☆42Updated this week
- PURL to CPE Relationship mapping project.☆111Updated this week
- Minimizing rework for governance activities.☆39Feb 23, 2026Updated last week
- Everything you ever wanted to know about the CRA and its implementation☆155Feb 16, 2026Updated 2 weeks ago
- OpenVEX Specification☆168Jan 16, 2026Updated last month
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆135Nov 15, 2025Updated 3 months ago
- The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope…☆992Updated this week
- A place to systematically store software bill of materials (SBOM) documents.☆50Jun 1, 2023Updated 2 years ago
- A community collection of security reviews of open source software components.☆97Feb 29, 2024Updated 2 years ago
- Validate the SPDX SBOM against NTIA, CISA, and other minimum element requirements.☆81Feb 20, 2026Updated last week
- Mattermost builder☆11Jan 1, 2022Updated 4 years ago
- Privateer plugin for scanning the security hygiene of a GitHub repository.☆20Updated this week
- A Python client for the Global CVE Allocation System.☆17Jan 31, 2026Updated last month
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆108Feb 23, 2026Updated last week
- vexctl is a tool to attest VEX impact statements☆45Mar 27, 2023Updated 2 years ago
- An query language and interactive tooling to work with SBOM data.☆15Oct 7, 2024Updated last year
- ☆16Updated this week
- Vuln Disclosure WG's new SIG☆11Jan 2, 2024Updated 2 years ago
- Automatically assess and score software repositories for supply chain risk.☆121Feb 16, 2026Updated 2 weeks ago
- SBOM Search - Context aware search in SBOM repositories☆29Nov 24, 2025Updated 3 months ago
- A tool to create, transform and attest VEX metadata☆176Updated this week
- Open Source Vulnerability schema.☆235Feb 20, 2026Updated last week
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…☆517Updated this week
- Open Source Maturity Model☆16Apr 30, 2024Updated last year
- Tool for visualizing the Open SSF Scorecard Api data in a human friendly way☆19Nov 27, 2025Updated 3 months ago
- Source for official CVE Program policy documents.☆18Jan 28, 2026Updated last month
- The model for the information captured in SPDX version 3 standard.☆98Updated this week