aquasecurity / chain-bench

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

aquasecurity/chain-bench Issues

1.1.16 and 1.1.17 producing false positives
Updated 2 months ago1
Issue when the sub group has the same name as the repository
Closed a year ago
output error while running the chain-bench scan
Closed a year ago12
chain-bench does not work with gitlab if user id 1 does not exist
Updated a year ago
Provide a directly actionable solution whenever possible as part of the remediation
Updated 2 years ago1
Remove the needs for write permissions, and/or use fine grained permission tokens
Updated 2 years ago
Support Bitbucket server SCM
Updated 2 years ago
Self-hosted SCM support
Closed 2 years ago
Sarif report for chain-bench
Updated 2 years ago
chain-bench with gitlab
Closed 2 years ago
link to compliance rules missing trailing slash
Closed 2 years ago1
Code signing
Updated 2 years ago2
GitLab CI/CD failed
Closed 2 years ago5
How many checks are in GitLab scan
Closed 2 years ago1
overview Risk
Updated 2 years ago1
Using the json output is missing information about the repository
Closed 2 years ago1
New release?
Closed 2 years ago1
Improve the output - help message
Updated 2 years ago2
CIS-Software-Supply-Chain-Security-Guide-v1.0.pdf link is broken
Closed 2 years ago2
scan locally a repository
Closed 2 years ago1
scan: ability to local directory
Updated 2 years ago4
Add support to SLSA compliance
Updated 2 years ago3
Does not work with corporative repository
Closed 2 years ago1
Duplicate section heading in PDF
Closed 2 years ago2
Show showing all columns in the CLI table
Closed 2 years ago1
False positives in control `1.2.3` and control `1.2.4`
Updated 2 years ago1
Not implemented: "3.2.3: Ensure packages are automatically scanned for license implications"
Updated 2 years ago1
chain bench config file and output assertion rules
Updated 2 years ago2
Chain Bench score
Updated 2 years ago1
Add the ability to get branch name as parameter
Closed 2 years ago
scan: segmentation fault while fetching authorized user
Closed 2 years ago2
A GitHub Action support
Closed 2 years ago3
Add a Markdown version of the 'CIS Software Supply Chain Security Guide'
Closed 2 years ago1
false positive when the endpoint is not accessible (e.g. not enough permissions)
Closed 2 years ago16
Remediation instructions should be permalinks
Closed 2 years ago3
chain-bench only works for organizations
Closed 2 years ago1
Non-conventional JSON format
Closed 2 years ago1
The result file has no date/identifier
Closed 2 years ago2
Adjust CLI logging level
Closed 2 years ago4
missing community standard checks
Closed 2 years ago1
Give a final rating
Closed 2 years ago2
Rego schema support
Closed 2 years ago1
odd tags
Closed 2 years ago3
Feature: GitHub Action
Closed 2 years ago1