supply-chain-security
Here are 18 public repositories matching this topic...
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks or check conformance to frameworks, such as SLSA.
Updated Jun 30, 2024 - Python

Kubernetes operator for the OSS Review Toolkit
Updated Jun 18, 2024 - Python

BLint is a Binary Linter to check the security properties and capabilities in your executables. Since v2, BLint is also an SBOM generator for binaries.
Updated Jun 17, 2024 - Python

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
Updated Jun 16, 2024 - Python

ReversingLabs rl-scanner Docker image
Updated Jun 3, 2024 - Python

🥑 Inspect and understand an organization's software supply chain, enabling stakeholders to make actionable decisions about software supply chain security
Updated Apr 15, 2024 - Python

Utility to test reproducibility of crates from Cargo.lock
Updated Apr 3, 2024 - Python

Packj stops ⚡ SolarWinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply chain
Updated Apr 2, 2024 - Python

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
Updated Mar 12, 2024 - Python

The open source platform for AI-native application development for OR applications.
Updated Apr 24, 2024 - Python

Pipeline for patching CVEs in container images 💉📦
Updated Feb 8, 2024 - Python

GitVerify is a tool designed to analyze GitHub repositories and provide insights into their trustworthiness. It gathers data from the GitHub API and, optionally, performs VirusTotal checks on associated domains, then presents the results in a concise manner. Supported output formats include text, JSON and CSV.
Updated Oct 26, 2023 - Python

Hoppr Cop is a CLI and Python library that generates high-quality vulnerability information from a CycloneDX Software Bill of Materials (SBOM) by aggregating data from multiple vulnerability databases. This project is a mirror of the GitLab repository.
Updated Aug 26, 2023 - Python

A Python application to add hashes to your requirements.txt
Updated Dec 23, 2022 - Python

Standalone orchestrator for rebuilding Debian, Fedora and Qubes OS packages in order to generate `in-toto` metadata which can be used with `apt-transport-in-toto` or `dnf-plugin-in-toto` to validate reproducible status.
Updated Nov 4, 2022 - Python

Blockchain simulation demonstrating an idea for improving the cybersecurity of a supply chain.
Updated Sep 15, 2022 - Python

GitHub Action to analyze Pull Requests for open-source supply chain issues
Updated Jan 27, 2022 - Python