xeol-io / xeol
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
☆342Updated last week
Related projects: ⓘ
- Evaluate source control (GitHub) security posture☆248Updated last year
- A security layer for Git repositories☆447Updated this week
- Open source compliance tool for development platforms.☆283Updated 10 months ago
- Software Supply Chain Security Platform☆246Updated this week
- Inspect certificate authorities in container images☆226Updated 4 months ago
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…☆403Updated this week
- BadRobot - Operator Security Audit Tool☆214Updated this week
- KBOM - Kubernetes Bill of Materials☆301Updated 3 months ago
- boostsecurityio/poutine☆202Updated this week
- ☆359Updated this week
- Network egress filtering and runtime security for GitHub-hosted and self-hosted runners☆597Updated last week
- Tool to achieve policy driven vetting of open source dependencies☆214Updated this week
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets☆759Updated last week
- An open source, cloud-native security to protect everything from build to runtime☆249Updated this week
- Verify provenance from SLSA compliant builders☆223Updated 2 weeks ago
- Vulnerability scanning just got lazier☆275Updated 4 months ago
- A utility to generate SPDX-compliant Bill of Materials manifests☆330Updated last week
- Chalk allows you to follow code from development, through builds and into production.☆348Updated this week
- Generate a score for your sbom to understand if it will actually be useful.☆219Updated last month
- ☆225Updated this week
- Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and mo…☆357Updated this week
- The Terraform Live Graph Extension for Visual Studio Code is a plugin that allows you to generate a live Terraform graph as you code.☆234Updated last year
- Kubernetes tool for scanning clusters for network policies and identifying unprotected workloads.☆363Updated 2 weeks ago
- Notice: Postee is no longer under active development or maintenance.☆209Updated this week
- CI/CD Security Analyzer☆610Updated 3 weeks ago
- Catalogue all images of a Kubernetes cluster to multiple targets with Syft☆189Updated last week
- All-in-one auditing toolkit for identifying common security issues in managed Kubernetes environments. Currently supports Amazon EKS.☆311Updated 8 months ago
- Deploy and manage confidential containers on Kubernetes☆181Updated this week
- OpenVEX Specification☆125Updated 2 months ago
- open source, cloud-native, graph-based asset inventory☆296Updated this week