safedep / vet
Code Analysis & Policy as Code for Open Source Software Supply Chain
☆ 372 · Updated this week
Alternatives and similar repositories for vet
Users that are interested in vet are comparing it to the libraries listed below
- Software Supply Chain Security Platform ☆ 333 · Updated this week
- Focused malicious code detection ruleset, with a high protection-to-noise ratio ☆ 118 · Updated 2 months ago
- boostsecurityio/poutine ☆ 267 · Updated last week
- Generate a score for your SBOM to understand if it will actually be useful. ☆ 229 · Updated 9 months ago
- ☆ 64 · Updated 3 months ago
- Runtime Security Solution for your CI/CD Pipeline ☆ 102 · Updated 2 months ago
- A tool for preventing the installation of malicious PyPI and npm packages ☆ 144 · Updated this week
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system. ☆ 172 · Updated 5 months ago
- Gram is Klarna's own threat model diagramming tool ☆ 320 · Updated 2 weeks ago
- Enrich SBOMs with data from third party services ☆ 172 · Updated last month
- Simple plug-and-play GitHub Action to block unauthorized outbound traffic (egress) in your GitHub workflows ☆ 110 · Updated this week
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, … ☆ 133 · Updated last year
- Validate the isolation posture of your container environment. ☆ 277 · Updated this week
- Evaluate source control (GitHub) security posture ☆ 249 · Updated 2 years ago
- OpenVEX Specification ☆ 150 · Updated last month
- A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs ☆ 392 · Updated 2 weeks ago
- A security layer for Git repositories ☆ 522 · Updated this week
- GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions. ☆ 330 · Updated this week
- SBOM Assess - Evaluate SBOM quality and compliance ☆ 208 · Updated this week
- A universal SBOM representation in protocol buffers ☆ 285 · Updated this week
- A compilation of resources in the software supply chain security domain, with emphasis on open source ☆ 319 · Updated 2 years ago
- kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this … ☆ 114 · Updated this week
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene… ☆ 104 · Updated last year
- RedFlag uses AI to identify high-risk code changes. Run it in batch mode for release candidate testing or in CI pipelines to flag PRs and … ☆ 149 · Updated 5 months ago
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro… ☆ 472 · Updated this week
- ☆ 105 · Updated 3 weeks ago
- Utility that provides an API platform for validating, querying and managing BOM data ☆ 109 · Updated 3 weeks ago
- SecObserve is an open source vulnerability and license management system for software development teams and cloud environments. It suppor… ☆ 133 · Updated this week
- Format agnostic SBOM tooling ☆ 106 · Updated this week
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆ 309 · Updated this week