| | slsa-github-generator | Open-Source-Security-Guide |
|---|---|---|
| Mentions | 3 | 23 |
| Stars | 378 | 859 |
| Growth | 5.3% | - |
| Activity | 9.0 | 6.4 |
| Last commit | 6 days ago | 5 months ago |
| Language | Go | Go |
| License | Apache License 2.0 | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
slsa-github-generator
- SLSA up to v1.9.0 (latest) breaking GHA pipelines
- UEFI Software Bill of Materials Proposal
  https://github.com/slsa-framework/slsa-github-generator#gene... :
> Supply chain Levels for Software Artifacts, or SLSA (salsa), is a security framework, a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises.
> SLSA defines an incrementally-adoptable set of levels which are defined in terms of increasing compliance and assurance. SLSA levels are like a common language to talk about how secure software, supply chains and their component parts really are.
- slsa-github-generator: Language-agnostic SLSA provenance generation for Github Actions
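As an added example (not code from this page, and not the project's own README), the following is the shape of a release workflow that uses the generic SLSA3 generator: the build job computes the SHA-256 digests of its outputs, and a separate job calls the generator's reusable workflow, which signs those digests and produces the provenance. The reusable workflow path and its `base64-subjects` / `upload-assets` inputs are the generator's; the `make` targets, artifact names, tag trigger and repository are assumptions.

```yaml
# Added example, not from the page or the slsa-github-generator README.
# Assumptions: `make artifact1 artifact2` builds the release files, and
# releases are cut by pushing a tag that starts with "v".
name: release-with-provenance

on:
  push:
    tags: ["v*"]

permissions: read-all

jobs:
  build:
    runs-on: ubuntu-latest
    outputs:
      digests: ${{ steps.hash.outputs.digests }}
    steps:
      - uses: actions/checkout@v4

      - name: Build artifacts
        run: make artifact1 artifact2   # assumed build step

      - name: Compute subject digests
        id: hash
        run: |
          set -euo pipefail
          # Digests are computed in the job that produced the files.
          # base64 -w0 keeps the value on one line, as the input expects.
          sha256sum artifact1 artifact2 > checksums.txt
          echo "digests=$(base64 -w0 checksums.txt)" >> "${GITHUB_OUTPUT}"

      - uses: actions/upload-artifact@v4
        with:
          name: artifacts
          path: |
            artifact1
            artifact2

  provenance:
    needs: [build]
    permissions:
      actions: read      # read details of the workflow run
      id-token: write    # OIDC token used for Sigstore signing
      contents: write    # attach the provenance to the GitHub release
    # Pin the reusable workflow to a released tag of the generator.
    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
    with:
      base64-subjects: ${{ needs.build.outputs.digests }}
      upload-assets: true
```

Two practical points: the generator attests only the digests it is handed, so the hashing step belongs in the same job that produced the artifacts, and the `uses:` reference should be pinned to a released tag of the generator rather than a moving branch. A consumer checks the result with `slsa-verifier verify-artifact artifact1 --provenance-path multiple.intoto.jsonl --source-uri github.com/ORG/REPO` (ORG/REPO is a placeholder for the repository that ran the workflow), which fails if the digest in the provenance does not match the downloaded file.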
Open-Source-Security-Guide
- Degree vs Certifications
  Cyber Security is one of the biggest needs in the industry right now as well. This GitHub has a lot of information for all the different areas.
- Open Source Security Development
  Useful Tools and Resources for those getting into IT Security development such as Security Standards, Frameworks, Threat Models, Encryption, and Benchmarks.
- Open Source Security Guide
  Useful Tools and Resources for Open Source Security development.
  I found this useful Open Source Security Guide. I thought I'd share for anyone that's interested.
- New to Forensics, Drop some Forensics tools/training content
  Open source OS that comes preinstalled with lots of tools we use including a software write blocker. Best for investigating an image of an infected device. https://tsurugi-linux.org/
  IR plan: https://github.com/guardsight/gsvsoc_cybersecurity-incident-response-plan
  Very detailed IR battle cards: https://github.com/guardsight/gsvsoc_cirt-playbook-battle-cards
  IR focused guide that lists lots of helpful tools and resources, like things to use for reverse engineering: https://github.com/mikeroyal/Open-Source-Security-Guide
- Useful Security Guide
  Found a useful set of Tools, Programs, and Learning Resources for Security. It covers Security Standards, Frameworks, Benchmarks, and Networking.
- Found a useful Open Source Security Guide
- Found a useful Security Guide
What are some alternatives?
slsa-provenance-action - Github Action implementation of SLSA Provenance Generation
dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
mutillidae - OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
appvm - Nix-based app VMs
gsvsoc_cirt-playbook-battle-cards - Cyber Incident Response Team Playbook Battle Cards
vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
secureCodeBox - secureCodeBox (SCB) - continuous secure delivery out of the box
gitleaks - Protect and discover secrets using Gitleaks 🔑
bulk_extractor - This is the development tree. Production downloads are at:
GptHidra - GptHidra is a Ghidra plugin that uses the OpenAI Chat GPT to explain functions. With GptHidra, you can easily understand the purpose and behavior of functions in your codebase. Now with GPT4 Support!
gotestwaf - An open-source project in Golang to assess different API Security tools and WAFs for detection logic and bypasses