This repository contains the source for the Eclipse Foundation Security Handbook.
- The handbook is compiled in secure-developer.md
- digital-defense.io: personal security checklist.
- Secure Supply Chain Consumption Framework (S2C2F) Requirements
- Guide to coordinated vulnerability disclosure for open source software projects
- Security insights specification: report information about project security in a machine-processable way
- Concise Guide for Developing More Secure Software
- Concise Guide for Evaluating Open Source Software
- Source Code Management Platform Configuration Best Practices
- FLOSS Best Practices Criteria
- Secure Supply Chain Consumption Framework (S2C2F) Simplified Requirements
- sbom-scorecard: Generate a score for your SBOM to understand if it will actually be useful
- libyear: A simple measure of software dependency freshness
- bomber: Scans Software Bill of Materials (SBOMs) for security vulnerabilities
- dependency-track: Continuous SBOM Analysis Platform
- syft: CLI tool and library for generating a Software Bill of Materials from container images and filesystems
- grype: A vulnerability scanner for container images and filesystems
- dependency-check: OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
- unblob: Extract files from any kind of container format
- hinge: Creates and updates your Dependabot config
- tacos framework: framework for attesting to the secure software development practices of open source packages
- trivy: Trivy is a comprehensive and versatile security scanner. Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
- clair: Vulnerability Static Analysis for Containers
- kube-bench: tool that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark
- Open Source Security Index: The Most Popular & Fastest Growing Open Source Security Projects on GitHub
- Fleet: Device management