Alternatives and similar repositories for core

Users that are interested in core are comparing it to the libraries listed below

• mindersec / minder
  Software Supply Chain Security Platform
  ☆373Updated this week
• safedep / vet
  Protect against malicious open source packages 🤖
  ☆942Updated this week
• prequel-dev / preq
  preq is the community-driven problem detector for Common Reliability Enumerations (CREs)⚡️
  ☆330Updated 3 weeks ago
• prequel-dev / cre
  Common Reliability Enumerations (CREs) developed by the community 📖
  ☆246Updated last week
• protobom / protobom
  A universal SBOM representation in protocol buffers
  ☆315Updated last week
• chainloop-dev / chainloop
  SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
  ☆522Updated this week
• in-toto / witness
  Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…
  ☆514Updated last week
• ossf / security-baseline
  ☆140Updated this week
• theopenlane / openlane-ui
  the openlane ui - holds the openlane console and storybook
  ☆15Updated this week
• defenseunicorns-labs / lula1
  The Compliance Validator
  ☆183Updated this week
• CycloneDX / cyclonedx-go
  Go library to consume and produce CycloneDX Software Bill of Materials (SBOM)
  ☆103Updated last week
• xeol-io / xeol
  A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
  ☆429Updated last week
• StacklokLabs / mkp
  MKP is a Model Context Protocol (MCP) server for Kubernetes
  ☆56Updated last week
• stacklok / trusty-action
  Trusty Dependency Risk Action
  ☆10Updated 11 months ago
• getprobo / probo
  Open source solutions for SOC2, GDPR, and ISO27001
  ☆960Updated this week
• turbot / tailpipe
  select * from logs; Tailpipe is an open source SIEM for instant log insights, powered by DuckDB. Analyze millions of events in seconds, r…
  ☆534Updated last month
• dadrus / heimdall
  A cloud native Identity Aware Proxy and Access Control Decision service
  ☆220Updated this week
• mondoohq / cnspec
  An open source, cloud-native security to protect everything from build to runtime
  ☆397Updated this week
• sigstore / sigstore-go
  Go library for Sigstore signing and verification
  ☆83Updated this week
• valyentdev / ravel
  An open-source containers-as-microVMs orchestrator.
  ☆485Updated last month
• google / osv-scalibr
  OSV-SCALIBR: A library for Software Composition Analysis
  ☆565Updated this week
• anchore / grant
  A license scanner for container images and filesystems.
  ☆137Updated this week
• sigstore / rekor
  Software Supply Chain Transparency Log
  ☆1,073Updated last week
• sigstore / sigstore
  Common go library shared across sigstore services and clients
  ☆498Updated last week
• google / deps.dev
  Resources for the deps.dev API
  ☆377Updated last week
• solo-io / gloo
  The Cloud-Native API Gateway and AI Gateway
  ☆149Updated this week
• distr-sh / distr
  The Open Source control plane for self-managed, BYOC, and on-prem deployments. Everything you need to distribute applications to self-man…
  ☆709Updated this week
• openvex / vexctl
  A tool to create, transform and attest VEX metadata
  ☆172Updated last week
• obot-platform / obot
  Complete MCP Platform -- Hosting, Registry, Gateway, and Chat Client
  ☆596Updated this week
• cncf / gitjobs
  GitJobs is a simple open source, developer first job board focused on open source job opportunities.
  ☆109Updated this week