Scan for secrets and credentials in code using Gitleaks, TruffleHog, and detect-secrets
Updated May 21, 2026
Static Application Security Testing with Semgrep, CodeQL, and language-specific analyzers
Generate Software Bill of Materials (SBOM) in SPDX and CycloneDX formats using Syft
Sign artifacts and container images using Cosign/Sigstore
Monorepo to maintain composite actions for OSDO workflows
Organization-wide GitHub configuration, templates, and community health files for OpenSecDevOps
OSDO VS Code Extension — In-editor security scanning and OSDO framework integration for Visual Studio Code.
Software Composition Analysis — Scan dependencies for vulnerabilities using OSV-Scanner, Grype, and native package managers
OSDO Operator — Kubernetes operator for automated security policy enforcement and compliance monitoring.
OSDO Documentation — Framework documentation built with Docusaurus. Guides, API references, and tutorials.
OSDO — Open SecDevOps Framework. Security-first DevOps framework for CI/CD pipelines, vulnerability scanning, compliance automation, and secure software delivery.
OSDO Reusable Workflows — 10 composable security workflows for GitHub Actions. SAST, SCA, secrets, containers, IaC, DAST, compliance, and more.
Infrastructure as Code security scanning with Checkov, KICS, tfsec, Terrascan and Kubernetes validation
OSDO CLI — Command-line interface for the Open SecDevOps framework. Security scanning, compliance reporting, and pipeline management.
Comprehensive container security scanning including image vulnerabilities, Dockerfile linting, and SBOM generation
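The secret-scanning entry above names Gitleaks, TruffleHog and detect-secrets without saying what such scanners actually check. They all combine, in some form, fixed patterns for well-known credential formats (AWS access key IDs, GitHub tokens, PEM private-key headers) with an entropy heuristic for opaque high-entropy string literals. The Python below is an added illustration written for this page, not code from OSDO or from any of those tools; the rule names, the 4.5 bits/char threshold, the redaction format and the sample source file are assumptions made for the example, and the sample values are constructed, not real credentials.

```python
"""Illustrative secret detector (added example, not OSDO or tool code).

Two complementary strategies:
  1. regexes for credential formats with a fixed, recognisable shape;
  2. a Shannon-entropy check over quoted string literals, which catches
     opaque tokens that no fixed pattern describes.
"""
import math
import re
import sys

# Hypothetical rule names; real scanners ship far larger rule sets.
PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private-key": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
}

# Quoted literals of 20+ base64/hex-style characters are entropy candidates.
QUOTED_LITERAL = re.compile(r"""["']([A-Za-z0-9+/=_\-]{20,})["']""")
ENTROPY_THRESHOLD = 4.5  # bits per char; assumed default for base64-like text

# Constructed sample file; none of these values are real credentials.
SAMPLE_SOURCE = """\
# constructed sample file
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
SIGNING_SECRET = "abcdefghijklmnopqrstuvwxyz012345"
db_password = "hunter2"
banner = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
key_material = "-----BEGIN RSA PRIVATE KEY-----"
"""


def shannon_entropy(s: str) -> float:
    """Bits per character of the empirical character distribution of s."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Keep a short prefix so a report can be shared without re-leaking the value."""
    return value[:4] + "*" * (len(value) - 4)


def scan_lines(lines):
    """Return (line_no, rule, redacted_value) findings; line numbers are 1-based."""
    findings = []
    for no, line in enumerate(lines, start=1):
        for rule, rx in PATTERNS.items():
            for m in rx.finditer(line):
                findings.append((no, rule, redact(m.group(0))))
        for m in QUOTED_LITERAL.finditer(line):
            literal = m.group(1)
            # Already reported by a format rule: skip the generic heuristic.
            if any(rx.search(literal) for rx in PATTERNS.values()):
                continue
            if shannon_entropy(literal) >= ENTROPY_THRESHOLD:
                findings.append((no, "high-entropy-string", redact(literal)))
    return findings


def scan_file(path: str):
    """Scan a file on disk with the same rules."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_lines(fh.read().splitlines())


if __name__ == "__main__":
    # With no arguments, scan the constructed sample instead of real files.
    if len(sys.argv) > 1:
        for p in sys.argv[1:]:
            for no, rule, value in scan_file(p):
                print(f"{p}:{no}: {rule}: {value}")
    else:
        for no, rule, value in scan_lines(SAMPLE_SOURCE.splitlines()):
            print(f"sample:{no}: {rule}: {value}")
```

The entropy check is deliberately applied only to literals that no format rule already matched, so each secret is reported once; the short `hunter2` and the repetitive `banner` string show the two usual false-negative shapes of an entropy heuristic, which is why the fixed-format rules (and, in the real tools, git-history scanning and allowlists) are still needed.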