GUAC aggregates software security metadata into a high fidelity graph database.
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-...
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-...
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
Next Generation Software Composition Analysis (SCA) with Malicious Package Detection, Code Context & Policy as Code
Evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
Independent verification of binary packages - Reproducible Builds
BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generator for binaries.
#Awesome#A compilation of resources in the software supply chain security domain, with emphasis on open source
boostsecurityio/poutine
Orchestrate GitHub Actions Security
Developer-centric tool to secure your software supply chain.
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
Prevent merging of malicious code in pull requests
SBOM Assess - Evaluate SBOM quality and compliance