aquasecurity/chain-bench
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Go, Apache-2.0
Issues
- 1
1.1.16 and 1.1.17 producing false positives
#123 opened by chuglo - 0
- 12
output error while running the chain-bench scan
#80 opened by bparinas - 0
- 1
Provide a directly actionable solution whenever possible as part of the remediation
#34 opened by rgreinho - 0
Remove the needs for write permissions, and/or use fine grained permission tokens
#119 opened by sammcj - 0
Support Bitbucket server SCM
#118 opened by S0obi - 0
Self-hosted SCM support
#110 opened by hunter - 0
Sarif report for chain-bench
#113 opened by krol3 - 0
chain-bench with gitlab
#114 opened by krol3 - 1
link to compliance rules missing trailing slash
#112 opened by markgoho - 2
Code signing
#64 opened by krol3 - 5
GitLab CI/CD failed
#107 opened by krzysztofkorozej - 1
How many checks are in GitLab scan
#109 opened by krzysztofkorozej - 1
overview Risk
#89 opened by krol3 - 1
- 1
New release?
#87 opened by rgreinho - 2
Improve the output - help message
#88 opened by krol3 - 2
- 1
scan locally a repository
#84 opened by krol3 - 4
scan: ability to local directory
#54 opened by Dentrax - 3
Add support to SLSA compliance
#63 opened by krol3 - 1
Does not work with corporative repository
#83 opened by bret99 - 2
Duplicate section heading in PDF
#67 opened by ThisIsMissEm - 1
Show showing all columns in the CLI table
#77 opened by MartinPetkov - 1
- 1
Not implemented: "3.2.3: Ensure packages are automatically scanned for license implications"
#76 opened by MartinPetkov - 2
- 1
Chain Bench score
#62 opened by orizerah - 0
Add the ability to get branch name as parameter
#61 opened by MorAlon1 - 2
- 3
A GitHub Action support
#41 opened by morwn - 1
- 16
false positive when the endpoint is not accessible (e.g. not enough permissions)
#32 opened by rgreinho - 3
Remediation instructions should be permalinks
#35 opened by rgreinho - 1
chain-bench only works for organizations
#31 opened by rgreinho - 1
Non-conventional JSON format
#43 opened by rgreinho - 2
The result file has no date/identifier
#38 opened by rgreinho - 4
Adjust CLI logging level
#33 opened by rgreinho - 1
missing community standard checks
#36 opened by rgreinho - 2
Give a final rating
#37 opened by rgreinho - 1
Rego schema support
#17 opened by naortalmor1 - 3
odd tags
#19 opened by 06kellyjac - 1
Feature: GitHub Action
#23 opened by hazcod