software-supply-chain topic

List software-supply-chain repositories

go-malice

9
Stars
3
Forks
Watchers

A malicious package to demonstrate the importance of software supply chain security.

verified publisher icon sethvargo

murphysec

1.6k
Stars
167
Forks
Watchers

An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全,具备专业的软件成分分析(SCA)、漏洞检测、专业漏洞库。

verified publisher icon murphysecurity

chain-bench

704
Stars
61
Forks
Watchers

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

verified publisher icon aquasecurity

Software-Component-Verification-Standard

131
Stars
36
Forks
Watchers

Software Component Verification Standard (SCVS)

verified publisher icon OWASP

maloss

110
Stars
24
Forks
Watchers

Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages

verified publisher icon osssanitizer

in-toto-golang

114
Stars
48
Forks
Watchers

A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.

verified publisher icon in-toto

awesome-software-supply-chain-security

279
Stars
26
Forks
Watchers

A compilation of resources in the software supply chain security domain, with emphasis on open source

verified publisher icon bureado

dependency-check-py

48
Stars
12
Forks
Watchers

:closed_lock_with_key: Shim to easily install OWASP dependency-check-cli into Python projects

verified publisher icon jhermann

slsa-provenance-action

45
Stars
18
Forks
Watchers

Github Action implementation of SLSA Provenance Generation

verified publisher icon philips-labs

in-toto-rs

31
Stars
14
Forks
Watchers

A rust implementation of in-toto

verified publisher icon in-toto