Supply-chain Levels for Software Artifacts
-
Updated
Oct 31, 2024 - Shell
#
supply-chain-security
Here are 134 public repositories matching this topic...
GUAC aggregates software security metadata into a high fidelity graph database.
security
supply-chain
software-supply-chain
supply-chain-analytics
supply-chain-security
supply-chain-visibility
software-supply-chain-security
-
Updated
Nov 1, 2024 - Go
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration. Google chat: https://chat.google.com/room/AAAA6l2dO60?cls=7
security-audit
containers
dependency-analysis
vex
compliance
cve
sca
vulnerability-scanners
security-tools
devsecops
reachability-analysis
sbom
cyclonedx
supply-chain-security
risk-audit
dependency-audit
-
Updated
Oct 21, 2024 - Python
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
python
docker
open-source
tool
containers
compliance
dependencies
spdx
metadata-extraction
risk-management
software-composition-analysis
oss-compliance
sbom
supply-chain-security
-
Updated
Mar 12, 2024 - Python
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
github
golang
security
devops
gitlab
ci
security-scanner
devsecops
supply-chain-security
sdlc-security
-
Updated
Sep 25, 2024 - Go
Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
python
npm
security
rubygems
devops
security-audit
static-analysis
pypi
malware
supply-chain
sandboxing
developer-tools
dynamic-analysis
vulnerability
malware-analysis
devops-tools
vulnerability-scanners
security-tools
devsecops
supply-chain-security
-
Updated
Apr 2, 2024 - Python
Network egress filtering and runtime security for GitHub-hosted and self-hosted runners
actions
hardening
security-hardening
egress-filtering
network-security
runners
runtime-security
github-actions
supply-chain-security
-
Updated
Oct 28, 2024 - TypeScript
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
security
open-source-licensing
compliance
license
spdx
attestation
devsecops
ospo
oss-compliance
sbom
in-toto
cyclonedx
slsa
supply-chain-security
sbom-distribution
slsa-provenance
metadata-platform
sbom-discovery
regulated-industry
-
Updated
Nov 1, 2024 - Go
Independent verification of binary packages - reproducible builds
-
Updated
Sep 20, 2024 - Rust
Graphing SBOM's Fast.
-
Updated
Oct 31, 2024 - Go
BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generator for binaries.
-
Updated
Oct 16, 2024 - Python
A compilation of resources in the software supply chain security domain, with emphasis on open source
static-analysis
awesome-list
security-vulnerability
dependencies
vulnerability-management
software-supply-chain
cve-scanning
attestation
package-management
reproducible-builds
devsecops
software-composition-analysis
vulnerability-scanning
dependency-management
oss-compliance
sbom
supply-chain-security
supply-chain-attacks
software-supply-chain-security
-
Updated
Apr 24, 2023
Orchestrate GitHub Actions Security
-
Updated
Sep 17, 2024 - Go
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
nodejs
javascript
security
security-audit
ast
security-tools
sast
ast-analysis
supply-chain-security
-
Updated
Nov 1, 2024 - JavaScript
boostsecurityio/poutine
github
cli
golang
security
devops
ci
supply-chain
security-scanner
devsecops
github-actions
supply-chain-security
gh-extension
-
Updated
Nov 1, 2024 - Go
Tool to achieve policy driven vetting of open source dependencies
-
Updated
Nov 3, 2024 - Go
Catalogue all images of a Kubernetes cluster to multiple targets with Syft
-
Updated
Nov 1, 2024 - Go
SBOM quality score - Quality metrics for your sboms
go
golang
spdx
security-tools
sbom
cyclonedx
devsecops-pipeline
supply-chain-security
sbom-examples
sbom-tool
sbom-quality
sbom-score
sbom-samples
-
Updated
Nov 3, 2024 - Go
Small tool to inform you about potential risks in project dependencies list
-
Updated
Nov 21, 2023 - TypeScript
Improve this page
Add a description, image, and links to the supply-chain-security topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the supply-chain-security topic, visit your repo's landing page and select "manage topics."