Supply-chain Levels for Software Artifacts
-
Updated
Dec 13, 2024 - Shell
#
supply-chain-security
Here are 142 public repositories matching this topic...
GUAC aggregates software security metadata into a high fidelity graph database.
security supply-chain software-supply-chain supply-chain-analytics supply-chain-security supply-chain-visibility software-supply-chain-security
-
Updated
Dec 14, 2024 - Go
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
security-audit containers dependency-analysis vex compliance cve sca vulnerability-scanners security-tools devsecops reachability-analysis sbom cyclonedx supply-chain-security risk-audit dependency-audit
-
Updated
Dec 4, 2024 - Python
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
python docker open-source tool containers compliance dependencies spdx metadata-extraction risk-management software-composition-analysis oss-compliance sbom supply-chain-security
-
Updated
Mar 12, 2024 - Python
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
github golang security devops gitlab ci security-scanner devsecops supply-chain-security sdlc-security
-
Updated
Nov 12, 2024 - Go
Graphing SBOM's Fast.
-
Updated
Dec 13, 2024 - Go
Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
python npm security rubygems devops security-audit static-analysis pypi malware supply-chain sandboxing developer-tools dynamic-analysis vulnerability malware-analysis devops-tools vulnerability-scanners security-tools devsecops supply-chain-security
-
Updated
Apr 2, 2024 - Python
Network egress filtering and runtime security for GitHub-hosted and self-hosted runners
actions hardening security-hardening egress-filtering network-security runners runtime-security github-actions supply-chain-security
-
Updated
Nov 18, 2024 - TypeScript
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
security open-source-licensing compliance license spdx attestation devsecops ospo oss-compliance sbom in-toto cyclonedx slsa supply-chain-security sbom-distribution slsa-provenance metadata-platform sbom-discovery regulated-industry
-
Updated
Dec 13, 2024 - Go
Independent verification of binary packages - reproducible builds
-
Updated
Dec 12, 2024 - Rust
BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generator for binaries.
-
Updated
Dec 10, 2024 - Python
A compilation of resources in the software supply chain security domain, with emphasis on open source
static-analysis awesome-list security-vulnerability dependencies vulnerability-management software-supply-chain cve-scanning attestation package-management reproducible-builds devsecops software-composition-analysis vulnerability-scanning dependency-management oss-compliance sbom supply-chain-security supply-chain-attacks software-supply-chain-security
-
Updated
Apr 24, 2023
Orchestrate GitHub Actions Security
-
Updated
Sep 17, 2024 - Go
Tool to achieve policy driven vetting of open source dependencies
-
Updated
Dec 12, 2024 - Go
boostsecurityio/poutine
github cli golang security devops ci supply-chain security-scanner devsecops github-actions supply-chain-security gh-extension
-
Updated
Dec 11, 2024 - Go
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
nodejs javascript security security-audit ast security-tools sast ast-analysis supply-chain-security
-
Updated
Dec 1, 2024 - JavaScript
Catalogue all images of a Kubernetes cluster to multiple targets with Syft
-
Updated
Dec 13, 2024 - Go
SBOM quality score - Quality metrics for your sboms
go golang spdx security-tools sbom cyclonedx devsecops-pipeline supply-chain-security sbom-examples sbom-tool sbom-quality sbom-score sbom-samples
-
Updated
Dec 13, 2024 - Go
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detect malicious Python packages, or check conformance to frameworks, such as SLSA. Documentation:
python docker npm gradle maven build-system malware-analysis cicd integrity-protection malware-detection sbom slsa supply-chain-security
-
Updated
Dec 13, 2024 - Python
Improve this page
Add a description, image, and links to the supply-chain-security topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the supply-chain-security topic, visit your repo's landing page and select "manage topics."