There are 24 repositories under supply-chain topic.
供应链中台系统基础版,集成零售管理, 电子商务, 供应链管理, 财务管理, 车队管理, 仓库管理, 人员管理, 产品管理, 订单管理, 会员管理, 连锁店管理, 加盟管理, 前端React/Ant Design, 后端Java Spring+自有开源框架,全面支持MySQL, PostgreSQL, 全面支持国产数据库南大通用GBase 8s,通过REST接口调用,前后端完全分离。
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
A collection of reference Jupyter notebooks and demo AI/ML applications for enterprise use cases: marketing, pricing, supply chain, smart manufacturing, and more.
🏆Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)
Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
Go implementation of The Update Framework (TUF)
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
Security & License Compliance For Your App's Dependencies 🪱
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
Independent verification of binary packages - reproducible builds
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
Supplychainpy is a Python library for supply chain analysis, modelling and simulation. The library assists a workflow that is reliant on Excel and VBA.
Easy auditing & sandboxing for your JavaScript dependencies 🪱
Official GitHub Action for OpenSSF Scorecard.
A curated list of awesome supply chain blogs, podcasts, standards, projects, and examples.
Overlay is a browser extension helping developers evaluate open source packages before picking them
A blockchain-based Product Ownership Management System for anti-counterfeits in the Post Supply Chain.
AIShield Watchtower: Dive Deep into AI's Secrets! 🔍 Open-source tool by AIShield for AI model insights & vulnerability scans. Secure your AI supply chain today! ⚙️🛡️
boostsecurityio/poutine
FOSSLight Hub : Integrated management web-service for Open Source Compliance Process
一名项目兼产品管理老鸟的心得体会
Trusted Computing based services supporting TPM provisioning and supply chain validation concepts. #nsacyber
A practical experiment on supply-chain security using reproducible builds