vishalgarg-sec / Software-Supply-Chain-Security

Related projects: ⓘ

• iriusrisk / OpenThreatModel
  The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.
  ☆165Updated 7 months ago
• pbom-dev / OSCAR
  A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain
  ☆85Updated 7 months ago
• theparanoids / PrioritizedRiskRemediation
  A Risk-Based Prioritization Taxonomy for prioritizing CVEs (Common Vulnerabilities and Exposures).
  ☆64Updated 4 months ago
• latiotech / insecure-kubernetes-deployments
  A full insecure kubernetes application for testing security tools
  ☆41Updated last week
• boostsecurityio / lotp
  boostsecurityio/lotp
  ☆97Updated 5 months ago
• DataDog / malicious-software-packages-dataset
  An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
  ☆126Updated this week
• RefactorSecurity / vscode-security-notes
  Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝
  ☆127Updated last year
• blackberry / Falco-bypasses
  Research on various techniques to bypass default falco ruleset (based on falco v0.28.1).
  ☆78Updated 7 months ago
• javixeneize / neo4cyclone
  ☆24Updated last year
• jstawinski / GitHub-Actions-Attack-Diagram
  ☆134Updated last week
• WithSecureLabs / IceKube
  ☆163Updated 2 months ago
• synacktiv / octoscan
  Octoscan is a static vulnerability scanner for GitHub action workflows.
  ☆130Updated this week
• ossf / security-reviews
  A community collection of security reviews of open source software components.
  ☆92Updated 6 months ago
• anchore / nvd-data-overrides
  ☆44Updated this week
• ocurity / dracon
  Security scanning & static analysis tool - forked and rewritten from @thought-machine/dracon
  ☆70Updated this week
• ossf / malicious-packages
  A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…
  ☆229Updated this week
• CycloneDX / transparency-exchange-api
  A standard API specification for exchanging supply chain artifacts and intelligence
  ☆43Updated 3 weeks ago
• OWASP / OpenCRE
  ☆76Updated this week
• raesene / Cloud-Native-Security-Talks
  ☆19Updated 5 months ago
• boostsecurityio / poutine
  boostsecurityio/poutine
  ☆202Updated this week
• synacktiv / nord-stream
  Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …
  ☆242Updated last month
• controlplaneio / truffleproc
  truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)
  ☆110Updated last year
• eBay / sbom-scorecard
  Generate a score for your sbom to understand if it will actually be useful.
  ☆219Updated last month
• domain-protect / domain-protect-gcp
  Protect against subdomain takeover
  ☆92Updated 3 months ago
• rusakovichma / TicTaaC
  Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. …
  ☆54Updated 2 months ago
• CloudDefenseAI / falco_extended_rules
  Curating Falco rules with MITRE ATT&CK Matrix
  ☆74Updated 6 months ago
• doyensec / PESD-Exporter-Extension
  PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams
  ☆95Updated 7 months ago
• edgeroute / security-champion-framework
  The Security Champion Framework provides both a measuring stick and a roadmap generator for Champion Programs.
  ☆102Updated 8 months ago
• CERTCC / SSVC
  Stakeholder-Specific Vulnerability Categorization
  ☆127Updated this week
• xvnpw / ai-threat-modeling-action
  AI featured threat modeling and security review action
  ☆40Updated 3 months ago