Alternatives and similar repositories for gha-hazmat

Users that are interested in gha-hazmat are comparing it to the libraries listed below

• github / audit-actions-workflow-runs
  Audit your GitHub Actions workflow runs to see exactly which Actions were downloaded
  ☆64Updated 3 weeks ago
• anchore / chronicle
  a fast changelog generator sourced from PRs and Issues
  ☆58Updated this week
• chainguard-dev / darkfiles
  Darkfiles finds orphaned files in container images and makes them to bad deeds
  ☆42Updated 2 years ago
• lightswitch05 / node-version-audit
  Audit your Node version for known CVEs and patches
  ☆25Updated this week
• stacklok / frizbee
  Throw a tag at it and it comes back with a checksum.
  ☆135Updated this week
• advanced-security / sbom-generator-action
  ☆16Updated 3 months ago
• mchmarny / vimp
  Compare data from multiple vulnerability scanners to get a more complete picture of potential exposures.
  ☆64Updated last year
• bullfrogsec / bullfrog
  Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows
  ☆110Updated this week
• runs-on / runner-images-for-aws
  GitHub Actions Runner images for AWS
  ☆26Updated this week
• turbot / steampipe-plugin-github
  Use SQL to instantly query repositories, users, gists and more from GitHub. Open source CLI. No DB required.
  ☆85Updated this week
• contentful-labs / terraform-diff
  Always know where you need to run Terraform plan & apply!
  ☆67Updated last year
• turbot / steampipe-plugin-exec
  Use SQL to instantly query & run shell commands on local & remote servers. Open source CLI. No DB required.
  ☆11Updated 3 weeks ago
• infrahouse / terraform-aws-secret
  Terraform module for a secret with owner/writer/reader roles.
  ☆11Updated this week
• burdzwastaken / hadolint-action
  A GitHub action to run hadolint and reports violations given a Dockerfile within a repository
  ☆13Updated last year
• anchore / binny
  Manage a directory of binaries without a package manager
  ☆30Updated this week
• aquasecurity / vim-trivy
  Vim Plugin for Trivy
  ☆14Updated last year
• hupe1980 / cdk-threagile
  Agile Threat Modeling as Code
  ☆13Updated 2 years ago
• chainguard-dev / dfc
  (d)ocker(f)ile (c)onverter: CLI to convert Dockerfiles to use Chainguard Images and APKs in FROM and RUN lines etc.
  ☆49Updated this week
• chainguard-dev / bomshell
  An SBOM query language and associated utilities
  ☆54Updated last year
• jbg / cloud-seed
  Fetch user-data from a cloud provider, set the hostname, and write files. A very minimal alternative to cloud-init.
  ☆48Updated last year
• crashappsec / github-analyzer
  A tool to check the security settings of Github Organizations.
  ☆71Updated last year
• anchore / yardstick
  Compare vulnerability scanners results (to make them better!)
  ☆16Updated 3 weeks ago
• turbot / steampipe-plugin-csv
  Use SQL to instantly query data from CSV files. Open source CLI. No DB required.
  ☆21Updated 3 weeks ago
• wolfi-dev / wolfi-act
  Dynamic GitHub Actions from Wolfi packages
  ☆43Updated last year
• turbot / steampipe-plugin-net
  Use SQL to instantly query DNS records, certificates and other network information. Open source CLI. No DB required.
  ☆25Updated last month
• DataDog / attache
  Attaché provides an emulation layer for Cloud Provider IMDS APIs
  ☆53Updated 10 months ago
• common-fate / granted-containers
  Firefox containers extension for Granted
  ☆16Updated last year
• robmorgan / infraspec
  InfraSpec is a tool for running infrastructure tests written in pure Gherkin syntax
  ☆30Updated last month
• octo-sts / app
  A GitHub App that acts like a Security Token Service (STS) for the Github API
  ☆189Updated this week
• Santiago-Labs / go-ocsf
  ☆66Updated this week