A reimplementation of LastPyMile: A Python-based library to identify the differences between build artifacts of PyPI packages and the respective source code repository
Updated Jan 8, 2022 - Python
Enabling Software Supply Chain Security Capabilities in ArgoCD
Sharing software supply chain security open source projects
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, e-books and videos, websites, blog posts, links to GitHub repositories, technical guidelines and important resources about Software in Cybersecurity
Capstone project assessing the current state of the software supply chain in open-source projects
A compilation of resources in the software supply chain security domain, with emphasis on open source
End-to-End Cybersecurity
Repository for the SBOM Harbor.
DockerCon23 Workshop on Secure Development with Docker
Software signing just got easier
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
fafnir-sec is an open-source tool that allows for the complete automation of launching different security tools detecting vulnerabilities in the application's code.
Sample CI/CD pipeline for creating container images with provenance details.
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Cross-platform embeddable sandboxing
The Sonatype Platform Browser Extension
Jenkins plugin for Xygeni - End to end software development and delivery security
A CLI tool to analyze the behavior of your dependencies using listen.dev
in-toto is a framework to secure the software supply chain.