supply-chain-security topic

List supply-chain-security repositories

auth-tarball-from-git

Stars: 15 | Forks: 1

Authenticate a tarball through a signed tag in a git repository (with reproducible builds)

gocap

Stars: 130 | Forks: 12

List your dependencies' capabilities and monitor if updates require more capabilities.

sbom-operator

Stars: 182 | Forks: 24

Catalogue all images of a Kubernetes cluster to multiple targets with Syft

tern

Stars: 942 | Forks: 187

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-...

sdc-check

Stars: 138 | Forks: 1

Small tool to inform you about potential risks in project dependencies list

js-x-ray

Stars: 209 | Forks: 25

JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

slsa

Stars: 1.4k | Forks: 207

Supply-chain Levels for Software Artifacts

rebuilderd

Stars: 346 | Forks: 22

Independent verification of binary packages - reproducible builds

pacman-bintrans

Stars: 83 | Forks: 4

Experimental binary transparency for pacman with sigstore and rekor

legitify

Stars: 718 | Forks: 57

Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets