A toolset for dealing with Cryptography Bill of Materials (CBOM)

A cloud-native Pipeline resource.

Tools and utilities needed to parse GitHub Multi-Repository Variant Analysis output

Provides a simple way to run Selenium Grid with Chrome, Firefox, and Edge using Docker, making it easier to perform browser automation

Catalog of shared Tasks and Pipelines.

Litmus helps SREs and developers practice chaos engineering in a Cloud-native way. Chaos experiments are published at the ChaosHub (https://hub.litmuschaos.io). Community notes is at https://hackmd…

Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

Supply Chain Security in Tekton Pipelines

A set of Tekton Tasks for using Snyk to check for vulnerabilities in your pipelines

A Proof-Of-Concept for the CVE-2021-44228 vulnerability.

KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelin…

OpenSourced Helm charts

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Carefully crafted Alpine Docker image with glibc (~12MB)

A Github Action to run Checkov against an Infrastructure-as-Code repository. Checkov does static security analysis of Terraform, CloudFormation, Kubernetes, serverless framework and ARM templates

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.