GUAC aggregates software security metadata into a high fidelity graph database.
Updated Dec 3, 2025 - Go
Protect against malicious open source packages 🤖
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
Graphing SBOMs Fast.
SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
boostsecurityio/poutine
Orchestrate GitHub Actions Security
Developer-centric tool to secure your software supply chain.
sbomqs: The Comprehensive SBOM Quality & Compliance Tool
Catalogue all images of a Kubernetes cluster to multiple targets with Syft
List your dependencies capabilities and monitor if updates require more capabilities.
Format agnostic SBOM tooling
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
FOSS Resists Extralegal Executive Overreaching Nations - Threshold digital signature library in Go
PMG protects developers from getting compromised by malicious packages
🔴🟡🟢 The Amazing Multipurpose Policy Engine (and L)
Insert payload through the program set by -toolexec
Red team tool that emulates the SolarWinds CI compromise attack vector.
SBOM Move - Automate build and transfer of SBOMs across systems
Pin your 3rd-party GitHub Actions and Docker image dependencies.