software-supply-chain-security
There are 31 repositories under the software-supply-chain-security topic.
guacsec/guac
GUAC aggregates software security metadata into a high fidelity graph database.
XmirrorSecurity/OpenSCA-cli
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with an accuracy widely noticed by the community.
aquasecurity/chain-bench
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
openpubkey/openpubkey
Reference implementation of OpenPubkey
DataDog/guarddog
🐍 🔍 GuardDog is a CLI tool to identify malicious PyPI and npm packages
bureado/awesome-software-supply-chain-security
A compilation of resources in the software supply chain security domain, with emphasis on open source
stacklok/minder
Software Supply Chain Security Platform
in-toto/attestation
in-toto Attestation Framework
phylum-dev/birdcage
Cross-platform embeddable sandboxing
DataDog/malicious-software-packages-dataset
An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
vishalgarg-sec/Software-Supply-Chain-Security
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
tiiuae/sbomnix
A suite of utilities to help with software supply chain challenges on nix targets
phylum-dev/cli
Command line interface for the Phylum API
intelops/compage
Compage - Low-Code Framework to develop REST API, gRPC, dRPC, GraphQL, WebAssembly, microservices, FaaS, Temporal workloads, IoT and edge services, K8s controllers, K8s CRDs, K8s custom APIs, K8s Operators, K8s hooks, etc. with minimal coding and by automatically applying best practice methods like software supply chain security measures, SBOM, OpenAPI, CloudEvents, etc. Auto-generate code after defining requirements in the UI as a diagram.
argoproj-labs/argocd-interlace
Enabling Software Supply Chain Security Capabilities in ArgoCD
in-toto/community
in-toto is a framework to secure the software supply chain.
meta-fun/awesome-software-supply-chain-security
Sharing software supply chain security open source projects
in-toto/scai-demos
Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools
CMS-Enterprise/sbom-harbor
Repository for the SBOM Harbor.
assuremoss/lastpymile
A reimplementation of LastPyMile: a Python-based library to identify the differences between build artifacts of PyPI packages and the respective source code repository
rewanthtammana/sigstore-the-easy-way
Software signing just got easier
listendev/lstn
A CLI tool to analyze the behavior of your dependencies using listen.dev
paulveillard/cybersecurity-software
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, e-books and videos, websites, blog posts, links to GitHub repositories, technical guidelines and important resources about Software in Cybersecurity
santiago-mooser/Software-supply-chain-security
Capstone project assessing the current state of the software supply chain in open-source projects
sonatype-nexus-community/sonatype-platform-browser-extension
The Sonatype Platform Browser Extension
syn-4ck/fafnir-sec
fafnir-sec is an open-source tool that allows for the complete automation of launching different security tools detecting vulnerabilities in the application's code.
gmdavef/struts-showcase
Repo to demonstrate scanning in different CI/CD tools using ReversingLabs Spectra Assure.
jenkinsci/xygeni-sensor-plugin
Jenkins plugin for Xygeni - End to end software development and delivery security
toddysm/cssc-pipeline
Sample CI/CD pipeline for creating container images with provenance details.
xxl4tomxu98/Docker_Dependency_Security
DockerCon23 Workshop on Secure Development with Docker
zafararslan/Cybersecurity
End-to-End Cybersecurity