Projects with this topic
Analyzer that scans for application dependencies.
GitLab CI/CD template that facilitates scanning targets for security issues
A package for installation into .NET projects, for reporting data to a Metaport server.
Integrate SCANOSS Platform with GitLab
A fully automated 13-stage DevSecOps CI/CD pipeline that integrates security, compliance, and cloud-native deployment using GitLab CI and Amazon EKS.
The pipeline demonstrates real-world DevSecOps practices including:
• SAST, dependency, container, IaC, and Kubernetes manifest scanning
• SBOM generation (CycloneDX)
• Automated POA&M creation mapped to NIST controls
• Evidence packaging for compliance audits
• Secure image push to Amazon ECR
• Deployment and validation on Amazon EKS
• Full run-to-completion behavior (lab mode) with findings documented rather than blocking
This project showcases an end-to-end secure software supply chain workflow suitable for: cloud engineering, DevOps, cybersecurity, and compliance automation demonstrations.
BETA: Dependency Scanning for supported projects
A package for installation into Python web-projects, for reporting data to a Metaport server.
A package for installation into NodeJS web-projects, for reporting data to a Metaport server.
A package for installation into PHP web-projects, for reporting data to a Metaport server.
VEX exporter for GitLab projects using Dependency Scanning
CI/CD component to extract SBOMs from GitLab projects.
Kubernetes-native Helm auditor for supply chain security, aggregating SBOM, vulnerability, and provenance data.
metaeffekt / metaeffekt-automation
CI/CD Catalog (unpublished)
This project illustrates the use of metaeffekt Kontinuum within GitLab.