GUAC aggregates software security metadata into a high fidelity graph database.
OpenSCA is an open source software composition analysis (SCA) solution that supports the detection of open source component dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the ...
Reference implementation of OpenPubkey
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
🐍 🔍 GuardDog is a CLI tool to Identify malicious PyPI and npm packages
Software Supply Chain Security Platform
Awesome: a compilation of resources in the software supply chain security domain, with emphasis on open source
An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
Cross-platform embeddable sandboxing
A suite of utilities to help with software supply chain challenges on nix targets
The open source artifact registry.
A tool for preventing the installation of malicious PyPI and npm packages 🔥
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the ...
Command line interface for the Phylum API
Enabling Software Supply Chain Security Capabilities in ArgoCD
Compage - Low-Code Framework to develop Rest API, gRPC, dRPC, GraphQL, WebAssembly, microservices, FaaS, Temporal workloads, IoT and edge services, K8s controllers, K8s CRDs, K8s custom APIs, K8s Oper...
in-toto is a framework to secure the software supply chain.
Sharing software supply chain security open source projects
Damn Vulnerable SCA Application