A tool for securing CI/CD workflows with version pinning.
☆883 Jun 27, 2025 Updated 8 months ago
Alternatives and similar repositories for ratchet
Users who are interested in ratchet are comparing it to the libraries listed below.
- Keyless Git signing using Sigstore ☆1,066 Updated this week
- Evaluate source control (GitHub) security posture ☆251 Mar 8, 2023 Updated 2 years ago
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro… ☆517 Feb 25, 2026 Updated last week
- GitHub App to set and enforce security policies ☆1,392 Updated this week
- Write tests against structured configuration data using the Open Policy Agent Rego query language ☆3,129 Feb 23, 2026 Updated last week
- Open source compliance tool for development platforms. ☆285 Oct 30, 2023 Updated 2 years ago
- Code signing and transparency for containers and binaries ☆5,683 Feb 26, 2026 Updated last week
- A GitHub App that acts like a Security Token Service (STS) for the Github API ☆312 Feb 26, 2026 Updated last week
- Build OCI images from APK packages directly without Dockerfile ☆1,560 Updated this week
- task runner for local and remote hosts ☆743 Apr 18, 2025 Updated 10 months ago
- Tfsec is now part of Trivy ☆6,961 Nov 10, 2025 Updated 3 months ago
- BadRobot - Operator Security Audit Tool ☆225 Feb 2, 2026 Updated last month
- Automation engine to build, test and ship any codebase. Runs locally, in CI, or directly in the cloud ☆15,477 Updated this week
- Cloud cost estimates for Terraform in pull requests💰📉 Shift FinOps Left! ☆12,184 Updated this week
- A vulnerability scanner for container images and filesystems ☆11,652 Updated this week
- eBPF-based Security Observability and Runtime Enforcement ☆4,447 Updated this week
- Build and deploy Go applications ☆8,352 Feb 6, 2026 Updated 3 weeks ago
- Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an… ☆966 Feb 26, 2026 Updated last week
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems ☆8,435 Updated this week
- Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. ☆5,201 Nov 20, 2025 Updated 3 months ago
- Trust Dexter to ensure that all your images are pinned by digest for better security ☆31 Nov 8, 2023 Updated 2 years ago
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm… ☆769 Dec 11, 2024 Updated last year
- A library of rules for Conftest used to detect misconfigurations within Terraform configuration files ☆190 Sep 20, 2022 Updated 3 years ago
- The StackRox Kubernetes Security Platform performs a risk analysis of the container environment, delivers visibility and runtime alerts, … ☆1,263 Updated this week
- Terraform provider and module version checking tool ☆136 Dec 6, 2022 Updated 3 years ago
- Detect, track and alert on infrastructure drift ☆2,621 Jan 30, 2026 Updated last month
- The Finch CLI is an open source client for container development ☆3,978 Updated this week
- OpenSSF Scorecard - Security health metrics for Open Source ☆5,283 Feb 25, 2026 Updated last week
- Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more ☆32,280 Updated this week
- Threatest is a CLI and Go framework for end-to-end testing threat detection rules. ☆338 Feb 13, 2026 Updated 2 weeks ago
- Connect your local process and your cloud environment, and run local code in cloud conditions. ☆4,972 Updated this week
- Validation of best practices in your Kubernetes clusters ☆3,347 Feb 24, 2026 Updated last week
- SLSA level 3 action ☆11 Apr 26, 2024 Updated last year
- 👀 A Kubernetes cluster resource sanitizer ☆6,236 Dec 8, 2025 Updated 2 months ago
- Automated refactoring for Terraform ☆73 May 4, 2022 Updated 3 years ago
- Boundary enables identity-based access management for dynamic infrastructure. ☆3,999 Updated this week
- Cloud native secrets management for developers - never leave your command line for secrets. ☆3,176 Jan 27, 2026 Updated last month
- Linux Process Discovery. C Library, Go bindings, Runtime. ☆223 Jul 20, 2022 Updated 3 years ago
- Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security… ☆11,213 Feb 18, 2026 Updated 2 weeks ago