Orchestrate GitHub Actions Security
☆305Jan 16, 2026Updated last month
Alternatives and similar repositories for secure-repo
Users that are interested in secure-repo are comparing it to the libraries listed below
Sorting:
- Purpose-built security agent for hosted runners☆40Updated this week
- Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…☆966Feb 26, 2026Updated last week
- Official GitHub Action for OpenSSF Scorecard.☆361Feb 10, 2026Updated 3 weeks ago
- GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment☆495Jun 27, 2025Updated 8 months ago
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts☆42Updated this week
- AI-Powered Code Reviews for Best Practices & Security Issues Across Languages☆21Aug 8, 2025Updated 6 months ago
- A simple tool for converting Rego (OPA) rule into command.☆30Jun 1, 2022Updated 3 years ago
- Tool for visualizing the Open SSF Scorecard Api data in a human friendly way☆19Nov 27, 2025Updated 3 months ago
- GitHub token permissions Monitor and Advisor actions☆353Jan 31, 2026Updated last month
- Language-agnostic SLSA provenance generation for Github Actions☆549Updated this week
- OpenSSF Scorecard - Security health metrics for Open Source☆5,283Feb 25, 2026Updated last week
- Publish from GitHub Actions using multi-factor authentication☆296Updated this week
- Audit your GitHub Actions workflow runs to see exactly which Actions were downloaded☆80Feb 23, 2026Updated last week
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets☆832Mar 28, 2025Updated 11 months ago
- Runtime Security Solution for your CI/CD Pipeline☆113Jan 30, 2026Updated last month
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.☆75Updated this week
- ☆13Nov 5, 2024Updated last year
- A GitHub Action for detecting vulnerable dependencies and invalid licenses in your PRs☆790Updated this week
- Slack alert bot for matching Github Audit Events☆10Nov 12, 2024Updated last year
- A Kubernetes admission controller driven by open-feature☆14Apr 3, 2023Updated 2 years ago
- Proof-of-concept SLSA provenance generator for GitHub Actions☆100Nov 1, 2022Updated 3 years ago
- Awesome AWS service control policies (SCPs), Resource Control Policies (RCPs), and other organizational policies☆32Nov 26, 2025Updated 3 months ago
- Trivy plugin for OCI referrers☆23May 13, 2024Updated last year
- boostsecurityio/poutine☆367Feb 23, 2026Updated last week
- vexctl is a tool to attest VEX impact statements☆45Mar 27, 2023Updated 2 years ago
- A tool for securing CI/CD workflows with version pinning.☆883Jun 27, 2025Updated 8 months ago
- A tool to create, transform and attest VEX metadata☆176Updated this week
- Ephemeral Clusters as a Service with ClusterAPI and GitOps☆19May 14, 2023Updated 2 years ago
- agent for handling seccomp descriptors for container runtimes☆47Feb 1, 2024Updated 2 years ago
- Machine-readable specification for the attestation of security-relevant data.☆72Feb 24, 2026Updated last week
- A Kubewarden Policy that verifies all the signatures of the container images referenced by a Pod☆13Jan 20, 2026Updated last month
- SLSA level 3 action☆11Apr 26, 2024Updated last year
- Showcasing the potential of SPIFFE with real-life services☆10Jan 27, 2026Updated last month
- ☆11Nov 11, 2022Updated 3 years ago
- Linux agent used to submit realtime SBOMs and dependency usage information to EdgeBit☆15Jan 24, 2025Updated last year
- Action to automatically open a new PR to the https://github.com/withfig/autocomplete repo☆12Sep 4, 2024Updated last year
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm…☆769Dec 11, 2024Updated last year
- Sigstore user stories☆31Aug 25, 2023Updated 2 years ago
- Search Rekor for entries☆39Updated this week