There are 5 repositories under supply-chain-security topic.
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
Network egress filtering and runtime security for GitHub-hosted and self-hosted runners
Independent verification of binary packages - reproducible builds
Chainloop is an Open Source Metadata Vault for your Software Supply Chain metadata, SBOMs, VEX, SARIF files, QA reports, and more.
A compilation of resources in the software supply chain security domain, with emphasis on open source
Orchestrate GitHub Actions Security
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
Catalogue all images of a Kubernetes cluster to multiple targets with Syft
SBOM quality score - Quality metrics for your sboms
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
Experimental binary transparency for pacman with sigstore and rekor
Runtime Security Solution for your CI/CD Pipeline
Analyze any snippet, file, or repository to detect possible security flaws such as secret in code, open source vulnerability, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses.
BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generator for binaries.
scans popular packages and alerts in cases there is suspicion of an account takeover
Sharing software supply chain security open source projects
Insert payload through the program set by -toolexec. Just a toy
Docker and Kubernetes security steps to help you create, build, test, and run safer in containers
boostsecurityio/poutine
Authenticate the cryptographic chain-of-custody of Linux distributions (like Arch Linux and Debian) to their source code inputs
Red team tool that emulates the SolarWinds CI compromise attack vector.