Open-Source-Security-Guide
slsa-github-generator
| Open-Source-Security-Guide | slsa-github-generator | |
|---|---|---|
| 23 | 3 | |
| 850 | 371 | |
| - | 3.5% | |
| 6.4 | 9.0 | |
| 4 months ago | 7 days ago | |
| Go | Go | |
| - | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Open-Source-Security-Guide
-
Degree vs Certifications
Cyber Security is one of the biggest needs in the industry right now as well. This Github has a lot of information for all the different areas.
-
Open Source Security Development
Useful Tools and Resources for those getting into IT Security development such as Security Standards, Frameworks, Threat Models, Encryption, and Benchmarks.
-
Open Source Security Guide
Useful Tools and Resources for Open Source Security development.
I found this useful Open Source Security Guide. I thought I'd share for anyone that's interested .
-
New to Forensics, Drop some Forensics tools/training content
Open sourse OS that comes preintalled with lots of tools we use includijg a software write blocker. Best for investigating an image of an infected device. https://tsurugi-linux.org/ IR plan https://github.com/guardsight/gsvsoc_cybersecurity-incident-response-plan Very detailed IR battle cards https://github.com/guardsight/gsvsoc_cirt-playbook-battle-cards IR focused guide that lists lots of helpful tools and resources, like things to use for reverse engineering. https://github.com/mikeroyal/Open-Source-Security-Guide
-
Useful Security Guide
Found a useful set of Tools, Programs, and Learning Resources for Security. It covers Security Standards, Frameworks, Benchmarks , and Networking.
- Found a useful Open Source Security Guide
- Found a useful Security Guide
slsa-github-generator
- SLSA up to v1.9.0 (latest) breaking GHA pipelines
-
UEFI Software Bill of Materials Proposal
https://github.com/slsa-framework/slsa-github-generator#gene... :
> Supply chain Levels for Software Artifacts, or SLSA (salsa), is a security framework, a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises.
> SLSA defines an incrementally-adoptable set of levels which are defined in terms of increasing compliance and assurance. SLSA levels are like a common language to talk about how secure software, supply chains and their component parts really are.
- slsa-github-generator: Language-agnostic SLSA provenance generation for Github Actions
What are some alternatives?
dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
slsa-provenance-action - Github Action implementation of SLSA Provenance Generation
mutillidae - OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
gsvsoc_cirt-playbook-battle-cards - Cyber Incident Response Team Playbook Battle Cards
appvm - Nix-based app VMs
secureCodeBox - secureCodeBox (SCB) - continuous secure delivery out of the box
vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
bulk_extractor - This is the development tree. Production downloads are at:
gitleaks - Protect and discover secrets using Gitleaks 🔑
gotestwaf - An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
GptHidra - GptHidra is a Ghidra plugin that uses the OpenAI Chat GPT to explain functions. With GptHidra, you can easily understand the purpose and behavior of functions in your codebase. Now with GPT4 Support!