pbom-dev/OSCAR

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/pbom-dev/OSCAR)

pbom-dev / OSCAR

A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain

☆98

Alternatives and similar repositories for OSCAR

Users that are interested in OSCAR are comparing it to the libraries listed below

Sorting:

oxsecurity / ox-security-scan
View on GitHub
A GitHub Action for using OX Security to scan for vulnerabilities in your software projects
☆14Nov 12, 2024Updated last year
cmu-sei / Polar
View on GitHub
Polar is a secure and scalable knowledge graph framework, designed to address the challenges posed by building big data systems in highly…
☆21Updated this week
devops-kung-fu / lucha
View on GitHub
A CLI that scans for sensitive data in source code
☆14Mar 22, 2023Updated 3 years ago
libyal / reviveit
View on GitHub
ReviveIT (revit) is a proof of concept file recovery tool (carver)
☆13Dec 3, 2020Updated 5 years ago
in-toto / scai-demos
View on GitHub
Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools
☆19Mar 5, 2026Updated 2 weeks ago
scanoss / purl2cpe
View on GitHub
PURL to CPE Relationship mapping project.
☆111Updated this week
CycloneDX / transparency-exchange-api
View on GitHub
A standard API specification for exchanging supply chain artifacts and intelligence
☆103Mar 13, 2026Updated last week
vishalgarg-sec / Software-Supply-Chain-Security
View on GitHub
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…
☆144Jan 28, 2024Updated 2 years ago
allisonis / gcp-iam-sentinel-examples
View on GitHub
☆28Aug 6, 2020Updated 5 years ago
Checkmarx / dustilock
View on GitHub
DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack.
☆40Nov 21, 2021Updated 4 years ago
ccdcoe / frankenstack
View on GitHub
Busted. With duct tape, spit and tears. Brought to you by beer.
☆12Nov 4, 2021Updated 4 years ago
eslerm / nvd-api-client
View on GitHub
NVD API 2.0 client for CVE information
☆13May 15, 2025Updated 10 months ago
Vulnetix / cli
View on GitHub
Automate vulnerability triage which prioritizes remediation over discovery
☆20Updated this week
dorkamotorka / ebpf-github-actions
View on GitHub
Demo repository for running eBPF in GitHub Actions
☆23Mar 27, 2025Updated 11 months ago
CycodeLabs / cimon-action
View on GitHub
Runtime Security Solution for your CI/CD Pipeline
☆114Mar 12, 2026Updated last week
slsa-framework / slsa-proposals
View on GitHub
SLSA Proposals
☆11Jan 29, 2024Updated 2 years ago
meta-fun / awesome-software-supply-chain-security
View on GitHub
Sharing software supply chain security open source projects
☆53Dec 19, 2022Updated 3 years ago
chgl / kube-powertools
View on GitHub
An always up to date collection of useful tools for your Kubernetes linting and auditing needs.
☆16Updated this week
nvuillam / node-sarif-builder
View on GitHub
JS/TS library to easily build valid SARIF output from your javascript based SAST tools
☆18Updated this week
mindersec / minder
View on GitHub
Software Supply Chain Security Platform
☆380Updated this week
williballenthin / viv-utils
View on GitHub
Utilities for working with vivisect
☆26Oct 1, 2025Updated 5 months ago
jasebell / ai-bill-of-materials
View on GitHub
What's in the black box? As we go forward we will need a model and machine readable bill of materials.
☆13Oct 17, 2023Updated 2 years ago
bomctl / bomctl
View on GitHub
Format agnostic SBOM tooling
☆133Nov 20, 2025Updated 4 months ago
SecureStackCo / visualizing-software-supply-chain
View on GitHub
A project to visualize the software supply chain
☆58Sep 9, 2023Updated 2 years ago
Lind-Project / safeposix-rust
View on GitHub
Rust implementation of SafePOSIX
☆13May 13, 2025Updated 10 months ago
oasis-tcs / csaf
View on GitHub
OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secon…
☆211Updated this week
awesomeSBOM / awesome-sbom
View on GitHub
A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
☆572May 20, 2025Updated 10 months ago
ralvares / ssvc.me
View on GitHub
Exploit & Vulnerability Intelligence Repository
☆23Jan 20, 2025Updated last year
UltimateAI-org / aitoolsforobsidian
View on GitHub
Bring AI agents into Obsidian via Agent Client Protocol (ACP), such as Claude Code, Codex and Gemini CLI.
☆38Feb 23, 2026Updated 3 weeks ago
guacsec / guac
View on GitHub
GUAC aggregates software security metadata into a high fidelity graph database.
☆1,454Updated this week
ckotzbauer / vulnerability-operator
View on GitHub
Scans SBOMs for vulnerabilities with Grype
☆85Mar 15, 2026Updated last week
rasta-mouse / SharpRDP
View on GitHub
Remote Desktop Protocol .NET Console Application for Authenticated Command Execution
☆12Jan 21, 2020Updated 6 years ago
rembish / cfb
View on GitHub
Microsoft Compound File Binary (CFB) file format Python IO
☆15Mar 8, 2026Updated last week
KarmaPenny / pdfparser
View on GitHub
PDF Parser is a command line tool and go library for analyzing PDF files.
☆14Jan 25, 2024Updated 2 years ago
dsnezhkov / h53
View on GitHub
A utility to force query DNS over DoH off of CloudFlare API when DNS block is in place
☆10Aug 26, 2018Updated 7 years ago
XDR-Alliance / Common-Information-Model
View on GitHub
☆12Aug 8, 2022Updated 3 years ago
microsoft / sarif-js-sdk
View on GitHub
JavaScript code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oas…
☆33May 27, 2024Updated last year
j-schreiber / js-sf-cli-plugin
View on GitHub
A sf CLI plugin that makes your life easier.
☆39Jul 15, 2025Updated 8 months ago
emerald-ci / Emerald-CI
View on GitHub
A Docker Compose Centric CI System
☆12Oct 25, 2015Updated 10 years ago