{"id":30028970,"url":"https://github.com/030/nononsec","last_synced_at":"2025-08-06T16:47:33.026Z","repository":{"id":303223379,"uuid":"1014728025","full_name":"030/nononsec","owner":"030","description":"No-nonsense security (NoNonSec). Ignored today, exploited tomorrow.","archived":false,"fork":false,"pushed_at":"2025-07-06T14:21:54.000Z","size":12,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-06T14:34:59.280Z","etag":null,"topics":["package-inventory","sbom","security-reporting","software-composition-analysis","vulnerability-management"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/030.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-06T09:48:06.000Z","updated_at":"2025-07-06T13:42:53.000Z","dependencies_parsed_at":"2025-07-06T14:35:00.281Z","dependency_job_id":null,"html_url":"https://github.com/030/nononsec","commit_stats":null,"previous_names":["030/nopsec","030/nononsec"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/030/nononsec","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/030%2Fnononsec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/030%2Fnononsec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/030%2Fnononsec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/030%2Fnononsec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/030","download_url":"https://codeload.github.com/030/nononsec/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/030%2Fnononsec/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269116918,"owners_count":24362972,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-06T02:00:09.910Z","response_time":99,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["package-inventory","sbom","security-reporting","software-composition-analysis","vulnerability-management"],"created_at":"2025-08-06T16:47:27.908Z","updated_at":"2025-08-06T16:47:32.988Z","avatar_url":"https://github.com/030.png","language":"Go","readme":"# NoNonSec — No-nonsense Security\n\n## Overview\n\n**NoNonSec** delivers the hard truth:  \n**No-nonsense Security** — no shortcuts, no excuses, no endless discussions.\n\nOnly run software you can fully trust.  \nTrust is earned; it must never be assumed.\n\nNo endless debates about vague reasons like “it only runs internally” or\n“other excuses.” Security applies everywhere, no exceptions.\n\n## Shift-Left Security Is Essential\n\nNoNonSec champions **shift-left security**, integrating checks early in the\ndevelopment lifecycle:\n\n- Understand every component in your dependencies before you execute them.\n- Require full transparency and verification prior to deployment.\n- Identify and resolve security issues when they’re cheapest and easiest to fix.\n\nShifting left reduces risk and strengthens your security posture.\n\n## Earning Trust\n\nTrust comes only through rigorous verification:\n\n- **Software Bill of Materials (SBOM)**  \n  A comprehensive inventory of every component and version in the package.\n\n- **Security Scanning**  \n  Automated or manual vulnerability assessments to uncover known flaws.\n\nNo SBOM or scan? No trust. No trust? No run.\n\n## Core Principle: No SBOM + No Scan = No Run\n\nIf a package lacks both an SBOM and a vulnerability scan, **do not run it**.  \nExecuting unverified software is an unacceptable security risk.\n\n## Shift-Right Security Complements Shift-Left\n\nShift-left is vital — but it’s only half the battle. Shift-right ensures\nongoing protection:\n\n- Continuous monitoring of live systems.\n- Rapid incident detection and response.\n- Regular patching and mitigation workflows.\n\nSecurity never stops — it’s a continuous, full-lifecycle commitment.\n\n## Usage\n\nFor detailed instructions on applying NoNonSec principles, see the\n[Usage Guide](docs/usage.md).\n\n## Summary\n\nNoNonSec’s mandate is straightforward:\n\n1. No-nonsense security from day one — don’t wait for breaches.\n2. Require SBOMs and vulnerability scans before running any software.\n3. Embed shift-left practices early; maintain shift-right vigilance later.\n4. Protect your environments with transparency, verification, and continuous\n   checks.\n5. No excuses, no vague reasons — security applies everywhere.\n\n---\n\n**NoNonSec — Because security is not optional and endless excuses will not keep one safe.**\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F030%2Fnononsec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F030%2Fnononsec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F030%2Fnononsec/lists"}