Software Supply Chain Security Platform (Go, updated Jun 12, 2024)
An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
🐍 🔍 GuardDog is a CLI tool to identify malicious PyPI and npm packages
GUAC aggregates software security metadata into a high fidelity graph database.
Command line interface for the Phylum API
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance, with accuracy that is widely noted by the community.
Reference implementation of OpenPubkey
Repo to demonstrate scanning in different CI/CD tools using ReversingLabs Spectra Assure.
Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools
A suite of utilities to help with software supply chain challenges on nix targets
Compage - Low-Code Framework to develop Rest API, gRPC, dRPC, GraphQL, WebAssembly, microservices, FaaS, Temporal workloads, IoT and edge services, K8s controllers, K8s CRDs, K8s custom APIs, K8s Operators, K8s hooks, etc. with minimal coding and by automatically applying best practice methods like software supply chain security measures, SBOM, …
in-toto is a framework to secure the software supply chain.
A CLI tool to analyze the behavior of your dependencies using listen.dev
Jenkins plugin for Xygeni - End to end software development and delivery security
The Sonatype Platform Browser Extension
Cross-platform embeddable sandboxing
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Sample CI/CD pipeline for creating container images with provenance details.
fafnir-sec is an open-source tool that allows for the complete automation of launching different security tools detecting vulnerabilities in the application's code.