woodruffw / zizmor
A tool for finding security issues in GitHub Actions setups.
☆331 Updated this week
Related projects
Alternatives and complementary repositories for zizmor
- A security layer for Git repositories ☆464 Updated this week
- Network egress filtering and runtime security for GitHub-hosted and self-hosted runners ☆618 Updated 2 weeks ago
- boostsecurityio/poutine ☆229 Updated last week
- CI/CD Security Analyzer ☆623 Updated 3 weeks ago
- A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs ☆347 Updated this week
- The terminal for Kubernetes ☆405 Updated last month
- a new take on #malware #detection ☆435 Updated this week
- Tool to achieve policy driven vetting of open source dependencies ☆228 Updated last week
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆247 Updated this week
- GitHub Action to enable automated security updates and open an issue/PR in repos in an org that have dependency files but no dependabot.ya… ☆184 Updated last week
- Secure shell history commands by finding sensitive data ☆219 Updated last year
- Maelstrom is a fast Rust, Go, and Python test runner that runs every test in its own container. Tests are either run locally or distribut… ☆584 Updated this week
- Awesome secure by default libraries to help you eliminate bug classes! ☆668 Updated last week
- GitHub token permissions Monitor and Advisor actions ☆257 Updated 4 months ago
- An open-source incident management platform integrating with Slack. ☆518 Updated last month
- Format agnostic SBOM tooling ☆78 Updated this week
- Gram is Klarna's own threat model diagramming tool ☆279 Updated 2 weeks ago
- A GitHub Action for pip-audit ☆68 Updated 3 months ago
- FlowAnalyzer is a tool to help in testing and analyzing OAuth 2.0 Flows, including OpenID Connect (OIDC). ☆173 Updated 4 months ago
- GuardDog is a CLI tool to Identify malicious PyPI and npm packages ☆611 Updated last week
- diff for Docker and OCI container images ☆309 Updated last week
- Open-source best practices for protecting a secure, sensible cloud platform ☆88 Updated 2 weeks ago
- Enrich SBOMs with data from third party services ☆113 Updated last week
- Software Supply Chain Security Platform ☆285 Updated this week
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021. ☆488 Updated 2 weeks ago
- Simple plug-and-play GitHub Action to block unauthorized outbound traffic (egress) in your GitHub workflows ☆79 Updated last week
- Orchestrate GitHub Actions Security ☆256 Updated last month
- A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalo… ☆349 Updated last month
- A GitHub Action to suggest removal of non-organization members from CODEOWNERS files ☆115 Updated last week
- Automatically assess and score software repositories for supply chain risk. ☆74 Updated this week