diff --git a/data/tools/dockle.yml b/data/tools/dockle.yml
new file mode 100644
index 000000000..684b331b5
--- /dev/null
+++ b/data/tools/dockle.yml
@@ -0,0 +1,18 @@
+name: Dockle
+categories:
+ - linter
+tags:
+ - container
+ - security
+ - dockerfile
+license: Apache License 2.0
+types:
+ - cli
+source: "https://github.com/goodwithtech/dockle"
+homepage: "https://github.com/goodwithtech/dockle"
+description: >-
+ Container Image Linter for Security helping build the Best-Practice Docker
+ Image. Scans Docker images for security vulnerabilities and CIS Benchmark
+ compliance. Checks for secrets, credential exposure, and security best
+ practices. Provides multiple severity levels (FATAL, WARN, INFO) and
+ supports various output formats for CI/CD integration.
\ No newline at end of file
diff --git a/data/tools/grype.yml b/data/tools/grype.yml
new file mode 100644
index 000000000..5db1ba357
--- /dev/null
+++ b/data/tools/grype.yml
@@ -0,0 +1,18 @@
+name: Grype
+categories:
+ - linter
+tags:
+ - security
+ - container
+license: Apache License 2.0
+types:
+ - cli
+source: "https://github.com/anchore/grype"
+homepage: "https://github.com/anchore/grype"
+description: >-
+ Vulnerability scanner for container images and filesystems. Developed by
+ Anchore, it scans container images, directories, and archives for known
+ vulnerabilities. Supports multiple image formats, SBOM integration, and
+ VEX (Vulnerability Exploitability eXchange) for accurate vulnerability
+ assessment. Works with various vulnerability databases and provides
+ detailed reporting.
\ No newline at end of file
diff --git a/data/tools/osv-scanner.yml b/data/tools/osv-scanner.yml
new file mode 100644
index 000000000..9c481d675
--- /dev/null
+++ b/data/tools/osv-scanner.yml
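Review bot: The description's "Scans Docker images for security vulnerabilities" overstates what Dockle does; its checks are CIS Benchmark and Dockerfile best-practice rules (file permissions, exposed credentials, setuid bits), and as far as its own README states it does not perform CVE detection, so a reader picking a vulnerability scanner from this catalog would be misled. Suggest `Image. Checks Docker images for CIS Benchmark compliance and Dockerfile best-practice violations.` in place of the second sentence. Separately, every file in this commit ends with `\ No newline at end of file` — dockle.yml, grype.yml, osv-scanner.yml, pip-audit.yml and safety.yml — which yamllint's `new-line-at-end-of-file` rule flags; add the trailing newline to each.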
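Review bot: `categories` lists only `linter`, but the entry describes a vulnerability scanner that matches image contents or an SBOM against vulnerability databases rather than checking source for style or correctness; the same mismatch appears in osv-scanner.yml, pip-audit.yml and safety.yml. If the catalog schema offers a scanner or security category, these four entries belong there; if `linter` is the only option, a short comment in the file noting that choice would save the next contributor from "fixing" it. The `security` tag already conveys the domain, so no tag change is needed either way.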
@@ -0,0 +1,17 @@
+name: OSV-Scanner
+categories:
+ - linter
+tags:
+ - security
+ - go
+license: Apache License 2.0
+types:
+ - cli
+source: "https://github.com/google/osv-scanner"
+homepage: "https://osv.dev/"
+description: >-
+ Vulnerability scanner written in Go which uses the data provided by OSV.dev.
+ Developed by Google to scan dependencies across multiple languages and
+ package managers for known vulnerabilities. Supports container scanning,
+ license scanning, and guided remediation. Works with lockfiles, SBOMs,
+ and container images to identify security issues.
\ No newline at end of file
diff --git a/data/tools/pip-audit.yml b/data/tools/pip-audit.yml
new file mode 100644
index 000000000..d0c7da023
--- /dev/null
+++ b/data/tools/pip-audit.yml
@@ -0,0 +1,17 @@
+name: pip-audit
+categories:
+ - linter
+tags:
+ - python
+ - security
+license: Apache License 2.0
+types:
+ - cli
+source: "https://github.com/pypa/pip-audit"
+homepage: "https://github.com/pypa/pip-audit"
+description: >-
+ Tool for scanning Python packages for known vulnerabilities. Developed by
+ the Python Packaging Authority (PyPA) and supported by Trail of Bits and
+ Google. Scans Python environments and requirements files to identify
+ vulnerable packages and suggests remediation. Supports GitHub Actions,
+ pre-commit hooks, and multiple vulnerability service integrations.
\ No newline at end of file
diff --git a/data/tools/safety.yml b/data/tools/safety.yml
new file mode 100644
index 000000000..aa3a307e7
--- /dev/null
+++ b/data/tools/safety.yml
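Review bot: The `go` tag is ambiguous next to the `python` tag on pip-audit.yml and safety.yml: there the language tag names the ecosystem the tool scans, whereas here the description uses Go only as the implementation language ("written in Go"), and OSV-Scanner covers many ecosystems, not just Go modules. If tags in this catalog denote the scanned ecosystem, `- go` should be dropped or replaced with whatever the schema uses for multi-ecosystem tools; if they denote implementation language, the other entries are the inconsistent ones. Either way the intent is worth a one-line comment above the tag, e.g. `# implementation language; OSV-Scanner covers many ecosystems`.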
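Review bot: "multiple vulnerability service integrations" in the last description line is vague for a security catalog, where the data source is the main thing a user needs to know. To my knowledge pip-audit queries either the PyPI advisory API or OSV.dev, selectable per run, so `pre-commit hooks, and queries either the PyPI advisory API or OSV.dev for vulnerability data.` would say the same thing concretely. Worth confirming against the current pip-audit docs before merging.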
@@ -0,0 +1,17 @@
+name: Safety
+categories:
+ - linter
+tags:
+ - python
+ - security
+license: MIT License
+types:
+ - cli
+source: "https://github.com/pyupio/safety"
+homepage: "https://safetycli.com/"
+description: >-
+ Python dependency vulnerability scanner designed to enhance software supply
+ chain security by detecting packages with known vulnerabilities. Checks
+ Python dependencies against a database of known security vulnerabilities
+ and provides detailed reports. Supports CI/CD integration and multiple
+ output formats.
\ No newline at end of file
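Review bot: The description says Safety checks against "a database of known security vulnerabilities" without naming it, which hides a caveat that matters when choosing between this entry and pip-audit or osv-scanner: the database is pyup.io's, and as I understand it the freely available copy has historically been published with a delay relative to the commercial feed. If that is still the case, `Checks Python dependencies against the pyup.io vulnerability database (the free tier is updated less frequently than the commercial feed)` would let a reader weigh the lag. Please verify the current terms on the homepage before wording it that way.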