GUAC aggregates software security metadata into a high fidelity graph database.
-
Updated
Jun 7, 2024 - Go
GUAC aggregates software security metadata into a high fidelity graph database.
Software Supply Chain Security Platform
🐍 🔍 GuardDog is a CLI tool to Identify malicious PyPI and npm packages
An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
Repo to demonstrate scanning in different CI/CD tools using ReversingLabs Spectra Assure.
Command line interface for the Phylum API
Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
A suite of utilities to help with software supply chain challenges on nix targets
Compage - Low-Code Framework to develop Rest API, gRPC, dRPC, GraphQL, WebAssembly, microservices, FaaS, Temporal workloads, IoT and edge services, K8s controllers, K8s CRDs, K8s custom APIs, K8s Operators, K8s hooks, etc. with minimal coding and by automatically applying best practice methods like software supply chain security measures, SBOM, …
in-toto is a framework to secure the software supply chain.
Reference implementation of OpenPubkey
A CLI tool to analyze the behavior of your dependencies using listen.dev
Jenkins plugin for Xygeni - End to end software development and delivery security
The Sonatype Platform Browser Extension
Cross-platform embeddable sandboxing
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Sample CI/CD pipeline for creating container images with provenance details.
fafnir-sec is an open-source tool that allows for the complete automation of launching different security tools detecting vulnerabilities in the application's code.
Add a description, image, and links to the software-supply-chain-security topic page so that developers can more easily learn about it.
To associate your repository with the software-supply-chain-security topic, visit your repo's landing page and select "manage topics."