software-supply-chain-security

GUAC aggregates software security metadata into a high fidelity graph database.

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the ...

Reference implementation of OpenPubkey

🐍 🔍 GuardDog is a CLI tool to Identify malicious PyPI and npm packages

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

Software Supply Chain Security Platform

#Awesome#A compilation of resources in the software supply chain security domain, with emphasis on open source

in-toto Attestation Framework

An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.

Faster builds, zero effort.

A suite of utilities to help with software supply chain challenges on nix targets

Cross-platform embeddable sandboxing

A tool for preventing the installation of malicious npm and PyPI packages 🔥

A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the ...

Command line interface for the Phylum API

Enabling Software Supply Chain Security Capabilities in ArgoCD

Compage - Low-Code Framework to develop Rest API, gRPC, dRPC, GraphQL, WebAssembly, microservices, FaaS, Temporal workloads, IoT and edge services, K8s controllers, K8s CRDs, K8s custom APIs, K8s Oper...

ReARM - Supply Chain Security and Asset Management for Releases, SBOMs, xBOMs, Security Artifacts

in-toto is a framework to secure the software supply chain.

Sharing software supply chain security open source projects