philips-labs / continuous-compliance-action
Continuous Compliance makes it possible to enforce company policy on repositories. Continuous Compliance will automatically check your repository for mandatory files or requirements. When possible, it will create a detailed GitHub issue with instructions on how to resolve it.
☆19 · Updated 5 months ago
Related projects
Alternatives and complementary repositories for continuous-compliance-action
- GitHub Action implementation of SLSA Provenance Generation ☆47 · Updated this week
- Sets up Open Policy Agent CLI in your GitHub Actions workflow. ☆45 · Updated 7 months ago
- GitHub Secret Scanning Auto Remediator (GSSAR) ☆44 · Updated last year
- Manage a uniform team of security managers for every organization in your enterprise ☆17 · Updated 3 months ago
- Synchronize GitHub Code Scanning alerts to Jira issues ☆81 · Updated last month
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'… ☆32 · Updated 2 years ago
- A GitHub action for organizations that enables advanced security code scanning on all new repos ☆37 · Updated 9 months ago
- A GitHub action to measure GitHub Actions workflow metrics. An enabler to put the concept discussed in the post to practice - https://www… ☆19 · Updated 10 months ago
- A GitHub Action to suggest removal of non-organization members from CODEOWNERS files ☆117 · Updated this week
- On-prem GitHub Actions runners, backed by Kubernetes ☆36 · Updated 2 years ago
- A tool that aims to bulk-automate the enablement of GitHub Code Scanning, Secret Scanning and Dependabot across multiple repositories. ☆152 · Updated 5 months ago
- GitHub Advance Security Compliance Action ☆132 · Updated last year
- Slack alert bot for matching GitHub Audit Events ☆10 · Updated last week
- GitHub Advanced Security Pull Request Security Team required review GitHub App ☆34 · Updated this week
- GitHub Code Scanning Mean Time to Remediate (GCSMTTR) ☆14 · Updated last year
- Website and API for OpenSSF Scorecard ☆22 · Updated this week
- Rego policies for enterprise-scale Compliance-as-Code with OPA Conftest. ☆58 · Updated last year
- GitHub Advanced Security Policy as Code ☆73 · Updated this week
- Helm Chart for deploying GUAC ☆14 · Updated 3 months ago
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts. ☆21 · Updated last week
- Sample GitHub App which monitors and enforces rules for code scanning, Dependabot, and secret scanning alerts ☆20 · Updated 3 weeks ago
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so… ☆73 · Updated this week
- An SBOM query language and associated utilities ☆54 · Updated 9 months ago
- Play with GHAS API to provide posture data over time ☆33 · Updated 2 weeks ago
- Example of using Actions OIDC token to proxy into a private network ☆91 · Updated last week
- Enrich SBOMs with data from third party services ☆117 · Updated 2 weeks ago
- vexctl is a tool to attest VEX impact statements ☆44 · Updated last year
- Examples of Custom Secret Scanning Patterns ☆144 · Updated 4 months ago