woodruffw / zizmor

Related projects ⓘ

Alternatives and complementary repositories for zizmor

• gittuf / gittuf
  A security layer for Git repositories
  ☆464Updated this week
• step-security / harden-runner
  Network egress filtering and runtime security for GitHub-hosted and self-hosted runners
  ☆618Updated 2 weeks ago
• boostsecurityio / poutine
  boostsecurityio/poutine
  ☆229Updated last week
• CycodeLabs / raven
  CI/CD Security Analyzer
  ☆623Updated 3 weeks ago
• xeol-io / xeol
  A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
  ☆347Updated this week
• grampelberg / kty
  The terminal for Kubernetes
  ☆405Updated last month
• chainguard-dev / malcontent
  a new take on #malware #detection
  ☆435Updated this week
• safedep / vet
  Tool to achieve policy driven vetting of open source dependencies
  ☆228Updated last week
• ossf / malicious-packages
  A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…
  ☆247Updated this week
• github / evergreen
  GitHub Action to enable automated security updates and open a issue/PR in repos in an org that have dependency files but no dependabot.ya…
  ☆184Updated last week
• rusty-ferris-club / shellclear
  Secure shell history commands by finding sensitive data
  ☆219Updated last year
• maelstrom-software / maelstrom
  Maelstrom is a fast Rust, Go, and Python test runner that runs every test in its own container. Tests are either run locally or distribut…
  ☆584Updated this week
• tldrsec / awesome-secure-defaults
  Awesome secure by default libraries to help you eliminate bug classes!
  ☆668Updated last week
• GitHubSecurityLab / actions-permissions
  GitHub token permissions Monitor and Advisor actions
  ☆257Updated 4 months ago
• incidentalhq / incidental
  An opensource incident management platform integrating with Slack.
  ☆518Updated last month
• bomctl / bomctl
  Format agnostic SBOM tooling
  ☆78Updated this week
• klarna-incubator / gram
  Gram is Klarna's own threat model diagramming tool
  ☆279Updated 2 weeks ago
• pypa / gh-action-pip-audit
  A GitHub Action for pip-audit
  ☆68Updated 3 months ago
• ManuelBerrueta / FlowAnalyzer
  FlowAnalyzer is a tool to help in testing and analyzing OAuth 2.0 Flows, including OpenID Connect (OIDC).
  ☆173Updated 4 months ago
• DataDog / guarddog
  GuardDog is a CLI tool to Identify malicious PyPI and npm packages
  ☆611Updated last week
• reproducible-containers / diffoci
  diff for Docker and OCI container images
  ☆309Updated last week
• Resourcely-Inc / cloud-guardrails
  Open-source best practices for protecting a secure, sensible cloud platform
  ☆88Updated 2 weeks ago
• snyk / parlay
  Enrich SBOMs with data from third party services
  ☆113Updated last week
• mindersec / minder
  Software Supply Chain Security Platform
  ☆285Updated this week
• TupleType / awesome-cicd-attacks
  Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
  ☆488Updated 2 weeks ago
• bullfrogsec / bullfrog
  Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows
  ☆79Updated last week
• step-security / secure-repo
  Orchestrate GitHub Actions Security
  ☆256Updated last month
• nianticlabs / venator
  A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalo…
  ☆349Updated last month
• github / cleanowners
  A GitHub Action to suggest removal of non-organization members from CODEOWNERS files
  ☆115Updated last week
• mitre / hipcheck
  Automatically assess and score software repositories for supply chain risk.
  ☆74Updated this week