Grafeas is an API specification designed for managing metadata about software resources including container images, virtual machine images, JAR files, and scripts. The tool provides a standardized approach to audit and govern software supply chains by enabling build, auditing, and compliance tools to store, query, and retrieve comprehensive metadata on various software components. Grafeas organizes metadata information into two main components: notes and occurrences. This structure allows third-party metadata providers to create and manage metadata on behalf of multiple customers while maintaining clear separation of concerns. The system supports fine-grained access control mechanisms for different types of metadata, ensuring appropriate permissions and security boundaries are maintained across different metadata categories and user roles.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
A brute-force protection middleware for express routes that rate-limits incoming requests.
An open-source tool that automates the detection and analysis of DLL hijacking vulnerabilities in Windows applications, providing detailed reports and remediation guidance.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
A source code search engine for searching alphanumeric snippets, signatures, or keywords in web page HTML, JS, and CSS code.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
SearchCode is an extensive code search engine that indexes 75 billion lines of code from millions of projects to help developers find coding examples and libraries.
A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.