There are 5 repositories under the software-supply-chain topic.
An open source tool focused on software supply chain security. 墨菲安全 (MurphySec) focuses on software supply chain security, with professional software composition analysis (SCA), vulnerability detection, and a professional vulnerability database.
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance, with accuracy widely recognized by the community.
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
A compilation of resources in the software supply chain security domain, with emphasis on open source
Software Component Verification Standard (SCVS)
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
Command line interface for the Phylum API
Shim to easily install OWASP dependency-check-cli into Python projects
GitHub Action implementation of SLSA Provenance Generation
Sharing software supply chain security open source projects
Repository for the SBOM Harbor.
A simple web app software supply chain monitoring toolkit
The ChaordicLedger is the implementation of a design for a combination of Distributed Ledger Technology (DLT) and a Distributed File System (DFS) to create a secure, enterprise-grade platform for storing interlinked project artifacts.
An ongoing and curated collection of awesome software best practices and techniques, libraries and frameworks, e-books and videos, websites, blog posts, links to GitHub repositories, technical guidelines and important resources about software in cybersecurity
Capstone project assessing the current state of the software supply chain in open-source projects
Software supply chain protection for JavaScript and Python dependencies 🔐
Prototype Open Source Software Nutrition Labels
🗒️ Researching and exploring how to mitigate malicious 3rd-party packages (e.g. npm, pip, rubygems, etc.)
A proof-of-concept SLSA provenance generator for Buildkite.
Sample CI/CD pipeline for creating container images with provenance details.
Dev tool to aggregate and focus on the changelog relevant to your codebase
Compare a wheel built from git with what's on PyPI
A site for an IQT R&D initiative on software supply chain security.