Alternatives and similar repositories for packj

Users that are interested in packj are comparing it to the libraries listed below

• SourceCode-AI / aura
  Python source code auditing and static analysis on a large scale
  ☆498Updated last year
• DataDog / guarddog
  GuardDog is a CLI tool to Identify malicious PyPI and npm packages
  ☆755Updated last week
• trailofbits / it-depends
  A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie…
  ☆364Updated 6 months ago
• CycodeLabs / raven
  CI/CD Security Analyzer
  ☆659Updated 4 months ago
• IBM / import-tracker
  Python utility for tracking third party dependencies within a library
  ☆459Updated last week
• EISMGard / github-audit-tool
  This is a tool for auditing github repos, users, and teams. Good for compliance, security and other stuff.
  ☆196Updated last week
• devops-kung-fu / bomber
  Scans Software Bill of Materials (SBOMs) for security vulnerabilities
  ☆571Updated 2 months ago
• Legit-Labs / legitify
  Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
  ☆810Updated 3 months ago
• ossf / malicious-packages
  A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…
  ☆315Updated this week
• sigstore / sigstore-python
  A Sigstore client written in Python
  ☆273Updated this week
• ossf / package-analysis
  Open Source Package Analysis
  ☆833Updated 2 months ago
• pypa / pip-audit
  Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
  ☆1,064Updated this week
• gittuf / gittuf
  A security layer for Git repositories
  ☆534Updated this week
• chainguard-dev / ssc-reading-list
  A reading list for software supply-chain security.
  ☆363Updated 2 years ago
• matusf / openapi-fuzzer
  Black-box fuzzer that fuzzes APIs based on OpenAPI specification. Find bugs for free!
  ☆561Updated last year
• step-security / wait-for-secrets
  Publish from GitHub Actions using multi-factor authentication
  ☆287Updated 3 weeks ago
• slsa-framework / slsa-github-generator
  Language-agnostic SLSA provenance generation for Github Actions
  ☆478Updated last month
• step-security / harden-runner
  Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…
  ☆837Updated this week
• ossf / oss-vulnerability-guide
  A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…
  ☆122Updated 5 months ago
• pypa / advisory-database
  Advisory database for Python packages published on pypi.org
  ☆293Updated this week
• Cicada-Software / cicada
  A FOSS, cross-platform version of GitHub Actions and Gitlab CI
  ☆570Updated last year
• trufflesecurity / driftwood
  Private key usage verification
  ☆431Updated 2 months ago
• bureado / awesome-software-supply-chain-security
  A compilation of resources in the software supply chain security domain, with emphasis on open source
  ☆324Updated 2 years ago
• ossf / osv-schema
  Open Source Vulnerability schema.
  ☆202Updated this week
• rusty-ferris-club / shellclear
  Secure shell history commands by finding sensitive data
  ☆225Updated 2 years ago
• rung / threat-matrix-cicd
  Threat matrix for CI/CD Pipeline
  ☆752Updated 11 months ago
• google / clusterfuzzlite
  ClusterFuzzLite - Simple continuous fuzzing that runs in CI.
  ☆492Updated 6 months ago
• slsa-framework / slsa-verifier
  Verify provenance from SLSA compliant builders
  ☆269Updated this week
• boostsecurityio / poutine
  boostsecurityio/poutine
  ☆303Updated this week
• guacsec / guac
  GUAC aggregates software security metadata into a high fidelity graph database.
  ☆1,376Updated this week