GUAC aggregates software security metadata into a high fidelity graph database.
Updated Nov 6, 2024 - Go
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
Orchestrate GitHub Actions Security
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
Catalogue all images of a Kubernetes cluster to multiple targets with Syft
boostsecurityio/poutine
Tool to achieve policy driven vetting of open source dependencies
SBOM quality score - Quality metrics for your SBOMs
Developer-centric tool to secure your software supply chain.
List your dependencies capabilities and monitor if updates require more capabilities.
Graphing SBOMs fast.
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
Insert payload through the program set by -toolexec. Just a toy.
Red team tool that emulates the SolarWinds CI compromise attack vector.
Frizbee Action helps you pin your GitHub Actions and container images to specific versions using checksums.
Library to create, verify, and evaluate policy for attestations on container images
OPA Gatekeeper external data provider implementation for Docker attest library image attestation verification
Pin your 3rd-party GitHub Actions and Docker image dependencies.
Sample Go application project with supply chain security workflows that conform to the SLSA Build Level 3 specification