Alternatives and similar repositories for OSCAR

Users that are interested in OSCAR are comparing it to the libraries listed below

• vishalgarg-sec / Software-Supply-Chain-Security
  A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…
  ☆139Updated 2 years ago
• iriusrisk / OpenThreatModel
  The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.
  ☆179Updated last month
• CERTCC / SSVC
  Stakeholder-Specific Vulnerability Categorization
  ☆170Updated last week
• rusakovichma / TicTaaC
  Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. …
  ☆68Updated 7 months ago
• wiz-sec-public / peach-framework
  PEACH - a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, by managing the attack surface exposed by use…
  ☆74Updated 3 years ago
• AppThreat / vulnerability-db
  Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.2, purl, and vers…
  ☆135Updated this week
• anchore / nvd-data-overrides
  ☆48Updated this week
• raesene / container-security-site
  ☆106Updated 2 months ago
• OWASP / OpenCRE
  ☆138Updated last week
• CycloneDX / bom-examples
  A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)
  ☆215Updated 3 months ago
• ossf / security-reviews
  A community collection of security reviews of open source software components.
  ☆96Updated last year
• tenable / KaiMonkey
  KaiMonkey provides vulnerable infrastructure as code (IaC) to help explore and understand common cloud security threats exposed via IaC.
  ☆105Updated 2 years ago
• crashappsec / github-analyzer
  A tool to check the security settings of Github Organizations.
  ☆75Updated 2 years ago
• wiz-sec-public / cloud-middleware-dataset
  ☆245Updated last year
• chughes757 / SecureSoftwareSupplyChain
  This repo is a consolidation of Secure Software Supply Chain resources, such as talks, whitepapers, conferences and more.
  ☆139Updated 3 years ago
• wiz-sec / open-cvdb
  An open project to list all publicly known cloud vulnerabilities and CSP security issues
  ☆373Updated 4 months ago
• rpetrich / deciduous
  App that simplifies building decision trees to model adverse scenarios
  ☆225Updated last year
• meta-fun / awesome-software-supply-chain-security
  Sharing software supply chain security open source projects
  ☆53Updated 3 years ago
• boostsecurityio / lotp
  boostsecurityio/lotp
  ☆138Updated 2 weeks ago
• OWASP / Software-Component-Verification-Standard
  Software Component Verification Standard (SCVS)
  ☆153Updated 10 months ago
• chainguard-sandbox / bom-shelter
  A place to systematically store software bill of materials (SBOM) documents.
  ☆50Updated 2 years ago
• nccgroup / ccs
  ☆114Updated 2 years ago
• CycloneDX / transparency-exchange-api
  A standard API specification for exchanging supply chain artifacts and intelligence
  ☆98Updated last week
• SecureStackCo / visualizing-software-supply-chain
  A project to visualize the software supply chain
  ☆58Updated 2 years ago
• DataDog / supply-chain-firewall
  Supply-Chain Firewall (SCFW) is a tool for preventing the installation of malicious npm and PyPI packages
  ☆215Updated last week
• CycloneDX / sbom-utility
  Utility that provides an API platform for validating, querying and managing BOM data
  ☆124Updated last month
• thought-machine / dracon
  Security scanning & static analysis tool
  ☆93Updated last year
• ReversecLabs / IceKube
  ☆185Updated this week
• t0sche / cvss-bt
  Enriching the NVD CVSS scores to include Temporal & Threat Metrics
  ☆215Updated this week
• iriusrisk / startleft
  StartLeft is an automation tool for generating Threat Models written in the Open Threat Model (OTM) format from a variety of different so…
  ☆52Updated 2 months ago