woodruffw / gha-hazmatLinks
A menagerie of insecure and exploitable GitHub Actions workflows and action definitions
☆15Updated last week
Alternatives and similar repositories for gha-hazmat
Users that are interested in gha-hazmat are comparing it to the libraries listed below
Sorting:
- Throw a tag at it and it comes back with a checksum.☆146Updated 2 weeks ago
- Darkfiles finds orphaned files in container images and makes them to bad deeds☆42Updated 2 years ago
- a fast changelog generator sourced from PRs and Issues☆62Updated last week
- Enrich SBOMs with data from third party services☆183Updated this week
- An SBOM query language and associated utilities☆54Updated last year
- CLI to prevent malicious Terraform Providers from being executed. You can define the allow list of Terraform Providers and their versions…☆87Updated this week
- ☆45Updated 9 months ago
- A place for the InfoSec community to share and celebrate real stories of organizations successfully using SBOMs (and other bills of mater…☆43Updated last year
- A GitHub Action to suggest removal of non-organization members from CODEOWNERS files☆133Updated last week
- Automatically assess and score software repositories for supply chain risk.☆114Updated last week
- (D)ocker(F)ile (C)onverter: CLI to convert Dockerfiles to use Chainguard Images and APKs in FROM and RUN lines etc.☆82Updated 2 weeks ago
- Audit your GitHub Actions workflow runs to see exactly which Actions were downloaded☆72Updated 3 weeks ago
- Automated determination of which AWS services run where☆20Updated this week
- A GitHub App that acts like a Security Token Service (STS) for the Github API☆212Updated this week
- List of known AWS accounts☆219Updated last week
- ForgeMT is a secure, scalable GitHub Actions runner platform for ephemeral workloads. Designed for multi-tenant environments, it automate…☆177Updated this week
- Compare data from multiple vulnerability scanners to get a more complete picture of potential exposures.☆65Updated last year
- Format agnostic SBOM tooling☆112Updated 2 weeks ago
- A tool to check the security settings of Github Organizations.☆72Updated 2 years ago
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows☆110Updated last week
- 💅🏽 analyzes your github actions☆93Updated last month
- Tool for collecting vulnerability data from various sources (used to build the grype database)☆101Updated this week
- Runtime Security Solution for your CI/CD Pipeline☆108Updated 2 months ago
- Generate a score for your sbom to understand if it will actually be useful.☆231Updated 11 months ago
- A tool for preventing the installation of malicious npm and PyPI packages☆155Updated this week
- GitHub Action to enable automated security updates and open a issue/PR in repos in an org that have dependency files but no dependabot.ya…☆203Updated this week
- boostsecurityio/poutine☆308Updated last week
- SLSA level 3 action☆11Updated last year
- A CLI used to work with the Wolfi OSS project☆64Updated this week
- SPDX Merge tool☆46Updated 3 months ago