GUAC aggregates software security metadata into a high fidelity graph database.
Updated Jun 12, 2024 - Go
Software Supply Chain Security Platform
Command line interface for the Phylum API
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with an accuracy widely recognized by the community.
Github Action implementation of SLSA Provenance Generation
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
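An open source tool focused on software supply chain security. MurphySec focuses on software supply chain security, offering professional software composition analysis (SCA), vulnerability detection, and a professional vulnerability database.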
A suite of utilities to help with software supply chain challenges on nix targets
in-toto is a framework to secure the software supply chain.
SLSA level 3 action
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Software Component Verification Standard (SCVS)
This repo accumulates underlying data and analysis results for assessing the current landscape of open-source and proprietary tools related to Software Bill of Materials (SBOM). We additionally compiled our findings into a comprehensive spreadsheet detailing 86 tools and their use cases.
Sample CI/CD pipeline for creating container images with provenance details.
The ChaordicLedger is the implementation of a design for a combination of Distributed Ledger Technology (DLT) and a Distributed File System (DFS) to create a secure, enterprise-grade platform for storing interlinked project artifacts.
Prototype Open Source Software Nutrition Labels
software supply chain protection for javascript and python dependencies 🔐
Repository for the SBOM Harbor.
Dev tool to aggregate and focus on the changelog relevant to your codebase