sonatype-nexus-community / ahab

Related projects ⓘ

Alternatives and complementary repositories for ahab

• IBM / sbom-utility
  This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility
  ☆61Updated last year
• ossf / ossf-landscape
  ☆26Updated this week
• omnibor / site
  Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.
  ☆21Updated 2 weeks ago
• meta-fun / awesome-software-supply-chain-security
  Sharing software supply chain security open source projects
  ☆39Updated last year
• aquasecurity / cfsec
  Static analysis for CloudFormation templates to identify common misconfiguration
  ☆58Updated 2 years ago
• spdx / spdx-to-osv
  Produce an Open Source Vulnerability JSON file based on information in an SPDX document
  ☆60Updated 5 months ago
• VexStore / fatbom
  fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…
  ☆32Updated 2 years ago
• praetorian-inc / snowcat
  a tool to audit the istio service mesh
  ☆173Updated 3 years ago
• chainguard-dev / vex
  vexctl is a tool to attest VEX impact statements
  ☆44Updated last year
• falcosecurity-retire / cloud-native-security-hub
  Cloud Native Security Hub - Security Resources
  ☆54Updated 4 years ago
• thought-machine / dracon
  Security scanning & static analysis tool
  ☆93Updated last month
• OSSIndex / vulns
  Report missing advisories and corrections on OSS Index
  ☆17Updated last year
• openvex / spec
  OpenVEX Specification
  ☆132Updated 4 months ago
• anchore / grype-vscode
  Grype vulnerability check plugin for Visual Studio Code
  ☆22Updated 2 months ago
• chainguard-dev / github-audit-alerter
  Slack alert bot for matching Github Audit Events
  ☆10Updated last week
• GoogleCloudPlatform / inspec-gke-cis-benchmark
  GKE CIS 1.1.0 Benchmark InSpec Profile
  ☆27Updated 3 years ago
• in-toto / specification
  Specification and other related documents.
  ☆40Updated 6 months ago
• rewanthtammana / sigstore-the-easy-way
  Software signing just got easier
  ☆15Updated 11 months ago
• octo-sts / action
  ☆30Updated 3 weeks ago
• slsa-framework / github-actions-demo
  Proof-of-concept SLSA provenance generator for GitHub Actions
  ☆99Updated 2 years ago
• aquasecurity / harbor-scanner-aqua
  Aqua Enterprise scanner as a plug-in vulnerability scanner in the Harbor registry
  ☆36Updated last month
• knative-extensions / security-guard
  Runtime security plug to protect user containers
  ☆65Updated this week
• ossf / osv-schema
  Open Source Vulnerability schema.
  ☆186Updated this week
• chainguard-dev / bomshell
  An SBOM query language and associated utilities
  ☆54Updated 10 months ago
• in-toto / community
  in-toto is a framework to secure the software supply chain.
  ☆69Updated 3 weeks ago
• eBay / sbom-scorecard
  Generate a score for your sbom to understand if it will actually be useful.
  ☆221Updated 3 months ago
• anchore / yardstick
  Compare vulnerability scanners results (to make them better!)
  ☆15Updated this week
• octarinesec / kccss
  Kubernetes Common Configuration Scoring System
  ☆124Updated 2 years ago
• appvia / cosign-keyless-admission-webhook
  Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect
  ☆22Updated this week
• ossf / package-feeds
  Feed parsing for language package manager updates
  ☆71Updated this week