GitHub Action to analyze Pull Requests for open-source supply chain issues
-
Updated
Jan 27, 2022 - Python
GitHub Action to analyze Pull Requests for open-source supply chain issues
Blockchain simulation demonstrating an idea for improving the cybersecurity of a supply chain.
Standalone orchestrator for rebuilding Debian, Fedora and Qubes OS packages in order to generate `in-toto` metadata which can be used with `apt-transport-in-toto` or `dnf-plugin-in-toto` to validate reproducible status.
A python application to add hashes to your requirements.txt
Hoppr Cop is a cli and python library that generates high quality vulnerability information from a cyclone-dx Software Bill of Materials (SBOM) by aggregating data from multiple vulnerability databases. This project is a mirror from gitlab
GitVerify is a tool designed to analyze GitHub repositories and provide insights into their trustworthiness. It gathers data from the GitHub API and, optionally, performs VirusTotal checks on associated domains, then presents the results in a concise manner. Supported output formats include: text, json, csv.
Pipeline for patching CVEs in container images 💉📦
The open source platform for AI-native application development for OR applications.
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
Utility to test reproducibility of crates from Cargo.lock
Fetches security vulnerabilities and creates pip-constraints based on them.
🥑 Inspect and understand an organization's software supply chain that enables stakeholders to make actionable decisions about software supply chain security
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks or check conformance to frameworks, such as SLSA.
BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generator for binaries.
ReversingLabs rl-scanner Docker image
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
Kubernetes operator for the OSS Review Toolkit
Add a description, image, and links to the supply-chain-security topic page so that developers can more easily learn about it.
To associate your repository with the supply-chain-security topic, visit your repo's landing page and select "manage topics."