GUAC aggregates software security metadata into a high fidelity graph database.
-
Updated
Dec 20, 2024 - Go
GUAC aggregates software security metadata into a high fidelity graph database.
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Reference implementation of OpenPubkey
🐍 🔍 GuardDog is a CLI tool to Identify malicious PyPI and npm packages
Software Supply Chain Security Platform
A compilation of resources in the software supply chain security domain, with emphasis on open source
Cross-platform embeddable sandboxing
An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
A suite of utilities to help with software supply chain challenges on nix targets
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
Command line interface for the Phylum API
Compage - Low-Code Framework to develop Rest API, gRPC, dRPC, GraphQL, WebAssembly, microservices, FaaS, Temporal workloads, IoT and edge services, K8s controllers, K8s CRDs, K8s custom APIs, K8s Operators, K8s hooks, etc. with minimal coding and by automatically applying best practice methods like software supply chain security measures, SBOM, …
Enabling Software Supply Chain Security Capabilities in ArgoCD
in-toto is a framework to secure the software supply chain.
Sharing software supply chain security open source projects
Damn Vulnerable SCA Application
Repository for the SBOM Harbor.
Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools
Add a description, image, and links to the software-supply-chain-security topic page so that developers can more easily learn about it.
To associate your repository with the software-supply-chain-security topic, visit your repo's landing page and select "manage topics."