ossillate-inc / packj
Packj stops SolarWinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain.
☆666, updated last year
Alternatives and similar repositories for packj:
Users that are interested in packj are comparing it to the libraries listed below
- GuardDog is a CLI tool to identify malicious PyPI and npm packages (☆737, updated this week)
- Python source code auditing and static analysis on a large scale (☆496, updated last year)
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… (☆308, updated this week)
- GitGoat is an open source tool that was built to enable DevOps and Engineering teams to design and implement a sustainable misconfigurati… (☆170, updated 3 months ago)
- A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie… (☆357, updated 4 months ago)
- A reading list for software supply-chain security. (☆362, updated 2 years ago)
- Publish from GitHub Actions using multi-factor authentication (☆284, updated this week)
- Secure shell history commands by finding sensitive data (☆222, updated last year)
- 🚀 Code Analysis & Policy as Code for Open Source Software Supply Chain (☆351, updated last week)
- The first open-source eBPF sandbox for Python (macOS/Linux): Secure libraries, block RCE, and enforce precise syscall control. Dive into … (☆217, updated last week)
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets (☆801, updated last month)
- CI/CD Security Analyzer (☆658, updated 2 months ago)
- A security layer for Git repositories (☆514, updated this week)
- Advisory database for Python packages published on pypi.org (☆286, updated this week)
- Feed parsing for language package manager updates (☆79, updated 5 months ago)
- Open Source Package Analysis (☆833, updated 3 weeks ago)
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities (☆565, updated last month)
- Protection against Model Serialization Attacks (☆478, updated this week)
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio… (☆396, updated this week)
- The most versatile way to manage containers locally (☆719, updated last year)
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc… (☆120, updated 3 months ago)
- An open-source dataset of malicious software packages found in the wild, 100% vetted by humans. (☆203, updated this week)
- A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs (☆391, updated last week)
- Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history. (☆1,920, updated this week)
- Python utility for tracking third party dependencies within a library (☆459, updated this week)
- Verify provenance from SLSA compliant builders (☆259, updated 3 weeks ago)
- This is a tool for auditing GitHub repos, users, and teams. Good for compliance, security and other stuff. (☆195, updated last month)
- Checks all maintainers of all npm and PyPI packages for hijackable packages through domain re-registration (☆296, updated this week)
- A compilation of resources in the software supply chain security domain, with emphasis on open source (☆319, updated 2 years ago)
- Global Security Database (☆318, updated last year)