Dev(Sec)Ops
Prevents you from committing secrets and credentials into git repositories
Official GitHub Action for OpenSSF Scorecard.
A free and open database of vulnerabilities and the packages they impact, together with the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatab…
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydata…
Audits an NPM package.json file to identify known vulnerabilities.
A suite of tools to automate software compliance checks.
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
OpenSSF Scorecard - Security health metrics for Open Source