EMBA - The firmware security analyzer

A standard API specification for exchanging supply chain artifacts and intelligence

All-in-one Python template. One click. Everything included.

AWS CLI v2 + kubectl on Ubuntu 24.04. Multi-arch, cosign-signed, SBOM + SLSA attested. Non-root by default. 725K+ pulls.

Downloads SBOMs from GitHub, Mend, and Wiz. Uploads to S3 and ClickHouse.

Comment SBOM diffs as PR comments.

A pure client side CycloneDX SBOM Generator for node/npm projects

Dockerfile and scripts to build a container image that facilitates generating and uploading Software Bill of Materials (SBOM) to sbom.sh utilizing various open-source SBOM tools such as Trivy, Grype, and Syft.

A lightweight shell script that scans node / bun / deno projects to detect vulnerable npm packages using OSV and GHSA vulnerabilities database or custom source formats (JSON / CSV / PURL / SBOM / SARIF / TRIVY)

THIS IS H A K C I N G Q U A L I T Y

Always-Green CI template: Python+Node (ruff/black/mypy · eslint/prettier · pnpm cache · workflow_dispatch · nightly · branch protection).

Container images built from upstream sources or custom Dockerfiles, with automated security scanning, release management, and SLSA provenance

TrustSource SCA for SBOM creation, Vulns & legal check as well as algo analysis

Code for the SBOM talk at SBA Security Meetup (26.11.2024)

Reusable GitHub Actions CI for Python/TypeScript with SBOM, CodeQL, Dependabot auto-merge, and PyPI publishing (OIDC Trusted Publisher). Always-green CI ready for DevSecOps.

A simple CircleCI orb used to install Syft and produce SBOMs for container images

This repo hosts a github action to run parlay( which is used to Enrich SBOMs with data from third party services ) in piplines

SentinelOS is a Debian-based integrity-first OS that delivers security posture as versioned policy packages (APT/dpkg compliant) to reduce configuration drift, with a transparent boot-chain and reproducible build discipline.

Snapshot releases of debian-dev docker images for reproducible build environments.