supply-chain-attacks topic
cocert
Split and distribute your private keys securely amongst an untrusted network
gocap
List your dependencies' capabilities and monitor if updates require more capabilities.
packj
Packj stops SolarWinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply chain
awesome-software-supply-chain-security
A compilation of resources in the software supply chain security domain, with emphasis on open source
Software-Supply-Chain-Security
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the...