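An open source tool focused on software supply chain security. MurphySec (墨菲安全) focuses on software supply chain security, with professional software composition analysis (SCA), vulnerability detection, and a professional vulnerability database.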
Updated Sep 27, 2024 - Go
GUAC aggregates software security metadata into a high fidelity graph database.
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance, with accuracy widely recognized by the community.
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
A compilation of resources in the software supply chain security domain, with emphasis on open source
Software Supply Chain Security Platform
Software Component Verification Standard (SCVS)
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
A suite of utilities to help with software supply chain challenges on nix targets
Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
Command line interface for the Phylum API
in-toto is a framework to secure the software supply chain.
🔐 Shim to easily install OWASP dependency-check-cli into Python projects
GitHub Action implementation of SLSA Provenance Generation
Sharing software supply chain security open source projects
Repository for the SBOM Harbor.
A simple web app software supply chain monitoring toolkit
SLSA level 3 action
The ChaordicLedger is the implementation of a design for a combination of Distributed Ledger Technology (DLT) and a Distributed File System (DFS) to create a secure, enterprise-grade platform for storing interlinked project artifacts.