software-supply-chain
There are 5 repositories under software-supply-chain topic.
murphysecurity / murphysec
An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全,具备专业的软件成分分析(SCA)、漏洞检测、专业漏洞库。
Language:Go 1571XmirrorSecurity / OpenSCA-cli
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
Language:Go 998aquasecurity / chain-bench
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Language:Go 699bureado / awesome-software-supply-chain-security
A compilation of resources in the software supply chain security domain, with emphasis on open source
reproducible-buildssupply-chain-securitydevsecopsvulnerability-scanningsecurity-vulnerabilityvulnerability-managementsupply-chain-attackssbompackage-managementdependency-managementstatic-analysissoftware-composition-analysisoss-compliancesoftware-supply-chainsoftware-supply-chain-securitydependenciescve-scanningattestationawesome-listOWASP / Software-Component-Verification-Standard
Software Component Verification Standard (SCVS)
Language:Python 131in-toto / in-toto-golang
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
Language:Go 114osssanitizer / maloss
Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
Language:Java 108phylum-dev / cli
Command line interface for the Phylum API
Language:Rust 98- Language:Python 97
jhermann / dependency-check-py
:closed_lock_with_key: Shim to easily install OWASP dependency-check-cli into Python projects
Language:Python 48philips-labs / slsa-provenance-action
Github Action implementation of SLSA Provenance Generation
Language:Go 44meta-fun / awesome-software-supply-chain-security
Sharing software supply chain security open source projects
- Language:Rust 31
CMS-Enterprise / sbom-harbor
Repository for the SBOM Harbor.
Language:Rust 17joshlarsen / driftbot
A simple web app software supply chain monitoring toolkit
Language:JavaScript 12- Language:Go 11
sethvargo / go-malice
A malicious package to demonstrate the importance of software supply chain security.
Language:Go 7lmco / ChaordicLedger
The ChaordicLedger is the implementation of a design for a combination of Distributed Ledger Technology (DLT) and a Distributed File System (DFS) to create a secure, enterprise-grade platform for storing interlinked project artifacts.
Language:Shell 5paulveillard / cybersecurity-software
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Software in Cybersecurity
santiago-mooser / Software-supply-chain-security
Capstone project assessing the current state of the software supply chain in open-source projects
Language:Python 4amalthundiyil / vigil
software supply chain protection for javascript and python dependencies 🔐
Language:TypeScript 3IQTLabs / OSSNutritionLabelPrototypes
Prototype Open Source Software Nutrition Labels
Language:TypeScript 3pbnj / mitigating-malicious-packages
🗒️ Researching & exploring how to mitigate malicious 3rd-party packages (e.g. npm, pip, rubygems ...etc)
Language:Shell 3hi-artem / provenance-generator-buildkite-plugin
A proof-of-concept SLSA provenance generator for Buildkite.
Language:Go 2toddysm / cssc-pipeline
Sample CI/CD pipeline for creating container images with provenance details.
Language:Shell 1dhruvmisra / changelog-focus
Dev tool to aggregate and focus on the changelog relevant to your codebase
Language:TypeScript 0abe-winter / compare-wheel
compare wheel built from git with what's on pypi
Language:Pythonjspeed-meyers / the-broken-links-project
A site for an IQT R&D initiative on software supply chain security.
