GUAC aggregates software security metadata into a high fidelity graph database.
Updated Jul 16, 2024 - Go
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
Orchestrate GitHub Actions Security
Tool to achieve policy driven vetting of open source dependencies
Catalogue all images of a Kubernetes cluster to multiple targets with Syft
boostsecurityio/poutine
SBOM quality score - quality metrics for your SBOMs
List your dependencies' capabilities and monitor whether updates require more capabilities.
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
Developer-centric tool to secure your software supply chain.
Insert payload through the program set by -toolexec. Just a toy
Red team tool that emulates the SolarWinds CI compromise attack vector.
Pin your third-party GitHub Actions and Docker image dependencies.
Sample Go application project with supply chain security workflows that conform to the SLSA Build Level 3 specification
The Cartographer CLI offers a convenient way to manage a Cartographer installation and related workflows.
Frizbee Action helps you pin your GitHub Actions and container images to specific versions using checksums.
Go API client for osv.dev