RITMS AVE
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
A vulnerability scanner for container images and filesystems
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
OpenSSF Scorecard - Security health metrics for Open Source
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
Layer for static code analysis and security hardening
Search an SBOM for licenses and the packages they belong to
A tool for checking the security hardening options of the Linux kernel
EMBArk - The firmware security scanning environment