software-supply-chain

An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全，具备专业的软件成分分析（SCA）、漏洞检测、专业漏洞库。

GUAC aggregates software security metadata into a high fidelity graph database.

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

Software Supply Chain Security Platform

A compilation of resources in the software supply chain security domain, with emphasis on open source

全语言制品仓库，涵盖npm、Maven、PyPi、Docker、Gradle、SBT、Cocoapods、Swift、RPM、Debian、PHP、Go、Pub、Ivy、NuGet、Conda、Cargo、Conan、Yarn、GitLFS、Helm、OHPM等主流工具,涵盖Huggingface 等主流AI模型仓库的代理与同步

A suite of utilities to help with software supply chain challenges on nix targets

Software Component Verification Standard (SCVS)

A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.

Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages

Command line interface for the Phylum API

in-toto is a framework to secure the software supply chain.

ReARM - Supply Chain Security and Asset Management for Releases, SBOMs, xBOMs, Security Artifacts

Github Action implementation of SLSA Provenance Generation

Sharing software supply chain security open source projects

🔐 Shim to easily install OWASP dependency-check-cli into Python projects

A rust implementation of in-toto

Repository for the SBOM Harbor.

A simple web app software supply chain monitoring toolkit