philips-labs / continuous-compliance-action
Continuous Compliance makes it possible to enforce company policy on repositories. Continuous Compliance will automatically check your repository for mandatory files or requirements. When possible, it will create a detailed GitHub issue with instructions on how to resolve it.
☆21 Updated 11 months ago
Alternatives and similar repositories for continuous-compliance-action:
Users that are interested in continuous-compliance-action are comparing it to the libraries listed below
- GitHub Action implementation of SLSA Provenance Generation ☆48 Updated last week
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'… ☆32 Updated 2 years ago
- An Action to wrap creating an SBOM via REST API ☆18 Updated 3 weeks ago
- GitHub Secret Scanning Auto Remediator (GSSAR) ☆44 Updated last month
- A GitHub action for organizations that enables advanced security code scanning on all new repos ☆39 Updated last week
- ☆80 Updated last year
- GitHub Advance Security Compliance Action ☆133 Updated 2 years ago
- GitHub Advanced Security Policy as Code ☆82 Updated last week
- This repository creates pull requests to push a GitHub Actions workflow to a collection of workflows. ☆46 Updated 2 years ago
- A GitHub Action to suggest removal of non-organization members from CODEOWNERS files ☆133 Updated last week
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts ☆34 Updated 2 months ago
- CodeQL Extractor, Library, and Queries for Infrastructure as Code ☆48 Updated last week
- ☆42 Updated 6 months ago
- Manage a uniform team of security managers for every organization in your enterprise ☆17 Updated 8 months ago
- Website and API for OpenSSF Scorecard ☆24 Updated last week
- Sets up Open Policy Agent CLI in your GitHub Actions workflow. ☆49 Updated last year
- An SBOM query language and associated utilities ☆54 Updated last year
- Synchronize GitHub Code Scanning alerts to Jira issues ☆85 Updated last month
- GitHub Code Scanning Mean Time to Remediate (GCSMTTR) ☆14 Updated last year
- Audit your GitHub Actions workflow runs to see exactly which Actions were downloaded ☆63 Updated last week
- ☆56 Updated 2 years ago
- Play with GHAS API to provide posture data over time ☆36 Updated 3 months ago
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts. ☆21 Updated 3 months ago
- Example of using Actions OIDC token to proxy into a private network ☆92 Updated last month
- A tool that aims to bulk automate the enablement of GitHub Code Scanning, Secret Scanning and Dependabot across multiple repositories. ☆154 Updated 10 months ago
- Generate SBOMs with gh CLI ☆182 Updated last week
- Helm Chart for deploying GUAC ☆16 Updated last week
- A CLI tool for creating secure by design/default source repos. ☆25 Updated 9 months ago
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl… ☆10 Updated this week
- Go library for Sigstore signing and verification ☆18 Updated last year