sonatype-nexus-community / ahabLinks
ahab is a tool to check for vulnerabilities in your apt, apk, or yum powered operating systems, powered by Sonatype OSS Index.
☆67Updated last year
Alternatives and similar repositories for ahab
Users that are interested in ahab are comparing it to the libraries listed below
Sorting:
- Collect, curate, and communicate relevant security metrics for open source projects.☆63Updated last year
- Report missing advisories and corrections on OSS Index☆17Updated 2 years ago
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆60Updated 2 years ago
- Sharing software supply chain security open source projects☆50Updated 2 years ago
- Grype vulnerability check plugin for Visual Studio Code☆22Updated 5 months ago
- vexctl is a tool to attest VEX impact statements☆44Updated 2 years ago
- Open Source Vulnerability schema.☆199Updated last week
- ☆29Updated this week
- Go implementation of witness☆37Updated this week
- ☆114Updated last month
- A BOM repository server for distributing CycloneDX BOMs☆77Updated last year
- Go beyond package manager discovery for SBOM☆18Updated 3 years ago
- a tool to audit the istio service mesh☆173Updated 3 years ago
- The Great Multi-Factor Authentication (MFA) Distribution Project of the Open Source Security Foundation (OpenSSF). We work to distribute …☆54Updated 3 years ago
- Examples of using Snyk's SBOM APIs.☆16Updated 2 years ago
- An SBOM query language and associated utilities☆54Updated last year
- A specification for signing methods and formats used by Secure Systems Lab projects.☆78Updated 8 months ago
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Updated 4 months ago
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form.☆21Updated 2 years ago
- ☆62Updated 10 months ago
- Compare vulnerability scanners results (to make them better!)☆16Updated last month
- A tool to create, transform and attest VEX metadata☆139Updated 2 weeks ago
- Publishes BOMs to Dependency-Track from GitHub Actions☆54Updated 7 months ago
- Aqua Enterprise scanner as a plug-in vulnerability scanner in the Harbor registry☆37Updated 8 months ago
- Security advisory data for Wolfi☆18Updated this week
- CLOMonitor is a tool that periodically checks open source projects repositories to verify they meet certain project health best practices☆128Updated this week
- in-toto is a framework to secure the software supply chain.☆70Updated 4 months ago
- Utility that provides an API and CLI to identify licenses and legal terms☆49Updated this week
- Terraform module to configure Vault for GitHub OIDC authentication from Action runners.☆29Updated 9 months ago
- Produce an Open Source Vulnerability JSON file based on information in an SPDX document☆64Updated last year