An open API service providing repository metadata for many open source software ecosystems.

GitHub topics: software-supply-chain-security

guacsec/guac

GUAC aggregates software security metadata into a high fidelity graph database.

Language: Go - Size: 15.1 MB - Last synced at: 1 day ago - Pushed at: 1 day ago - Stars: 1,364 - Forks: 187

openpubkey/openpubkey

Reference implementation of OpenPubkey

Language: Go - Size: 17.6 MB - Last synced at: 5 days ago - Pushed at: 5 days ago - Stars: 840 - Forks: 60

DataDog/malicious-software-packages-dataset

An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.

Language: Python - Size: 1.89 GB - Last synced at: 6 days ago - Pushed at: 7 days ago - Stars: 204 - Forks: 32

DataDog/supply-chain-firewall

A tool for preventing the installation of malicious PyPI and npm packages

Language: Python - Size: 2.25 MB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 145 - Forks: 9

gmdavef/struts-showcase

Repo to demonstrate scanning in different CI/CD tools using ReversingLabs Spectra Assure.

Language: Java - Size: 979 KB - Last synced at: 8 days ago - Pushed at: 8 days ago - Stars: 1 - Forks: 1

DataDog/guarddog

GuardDog is a CLI tool to identify malicious PyPI and npm packages

Language: Python - Size: 11.7 MB - Last synced at: 7 days ago - Pushed at: 8 days ago - Stars: 742 - Forks: 58

in-toto/attestation

in-toto Attestation Framework

Language: Go - Size: 2.03 MB - Last synced at: 8 days ago - Pushed at: 10 days ago - Stars: 273 - Forks: 78

scm-rs/csaf-walker

A library and CLI to work with CSAF and SBOM data

Language: JavaScript - Size: 1.91 MB - Last synced at: about 6 hours ago - Pushed at: 3 days ago - Stars: 4 - Forks: 7

XmirrorSecurity/OpenSCA-cli

OpenSCA is an open source software supply chain security solution that detects open source dependencies, vulnerabilities and license compliance issues, with accuracy widely recognized by the community.

Language: Go - Size: 8.7 MB - Last synced at: 8 days ago - Pushed at: 21 days ago - Stars: 1,073 - Forks: 120

tiiuae/sbomnix

A suite of utilities to help with software supply chain challenges on nix targets

Language: Python - Size: 2.66 MB - Last synced at: 6 days ago - Pushed at: 11 days ago - Stars: 172 - Forks: 27

mindersec/minder

Software Supply Chain Security Platform

Language: Go - Size: 133 MB - Last synced at: 7 days ago - Pushed at: 9 days ago - Stars: 334 - Forks: 47

phylum-dev/birdcage

Cross-platform embeddable sandboxing

Language: Rust - Size: 337 KB - Last synced at: 6 days ago - Pushed at: 7 months ago - Stars: 187 - Forks: 7

phylum-dev/cli

Command line interface for the Phylum API

Language: Rust - Size: 4.27 MB - Last synced at: 5 days ago - Pushed at: 10 days ago - Stars: 102 - Forks: 11

bureado/awesome-software-supply-chain-security

A compilation of resources in the software supply chain security domain, with emphasis on open source

Size: 165 KB - Last synced at: 10 days ago - Pushed at: about 2 years ago - Stars: 320 - Forks: 29

in-toto/scai-demos

Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools

Language: Go - Size: 4.19 MB - Last synced at: 15 days ago - Pushed at: 15 days ago - Stars: 18 - Forks: 4

attunehq/attune

Secure, simple software publishing.

Language: Rust - Size: 313 KB - Last synced at: 24 days ago - Pushed at: 24 days ago - Stars: 157 - Forks: 2

applicative-systems/secure-supply-chain

Secure Software Supply Chain Demonstration with Nix

Language: Nix - Size: 27.3 KB - Last synced at: 23 days ago - Pushed at: 24 days ago - Stars: 2 - Forks: 0

scm-rs/organization

Organizational stuff

Size: 1.95 KB - Last synced at: 24 days ago - Pushed at: 25 days ago - Stars: 0 - Forks: 0

listendev/lstn

A CLI tool to analyze the behavior of your dependencies using listen.dev

Language: Go - Size: 2.13 MB - Last synced at: 24 days ago - Pushed at: 25 days ago - Stars: 12 - Forks: 1

argoproj-labs/argocd-interlace

Enabling Software Supply Chain Security Capabilities in ArgoCD

Language: Go - Size: 10.2 MB - Last synced at: 19 days ago - Pushed at: over 2 years ago - Stars: 86 - Forks: 10

harekrishnarai/depcheck

A CLI tool to identify SCA security vulnerabilities in packages and provide suggestions for upgrade versions, breaking changes, CVSS and advisories.

Language: Go - Size: 150 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 1 - Forks: 0

harekrishnarai/Damn-vulnerable-sca

Damn Vulnerable SCA Application

Language: Java - Size: 35.9 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 32 - Forks: 27

meta-fun/awesome-software-supply-chain-security

Sharing software supply chain security open source projects

Size: 23.4 KB - Last synced at: 16 days ago - Pushed at: over 2 years ago - Stars: 49 - Forks: 3

hacrvlq/skeld

A TUI tool for opening projects in a restricted sandbox to prevent supply chain attacks such as typosquatting

Language: Rust - Size: 270 KB - Last synced at: 17 days ago - Pushed at: about 2 months ago - Stars: 3 - Forks: 0

jenkinsci/xygeni-sensor-plugin

Jenkins plugin for Xygeni - End to end software development and delivery security

Language: Java - Size: 690 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 2 - Forks: 5

aquasecurity/chain-bench

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

Language: Go - Size: 5.74 MB - Last synced at: about 2 months ago - Pushed at: 6 months ago - Stars: 743 - Forks: 63

in-toto/community

in-toto is a framework to secure the software supply chain.

Size: 376 KB - Last synced at: about 2 months ago - Pushed at: 5 months ago - Stars: 70 - Forks: 10

gmdavef/spectra-assure-scripts

Example scripts that use ReversingLabs' Spectra Assure SDK.

Language: Python - Size: 11.7 KB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 0 - Forks: 0

sonatype-nexus-community/sonatype-platform-browser-extension

The Sonatype Platform Browser Extension

Language: TypeScript - Size: 12.7 MB - Last synced at: 23 days ago - Pushed at: 6 months ago - Stars: 3 - Forks: 4

intelops/compage

Compage - Low-Code Framework to develop REST API, gRPC, dRPC, GraphQL, WebAssembly, microservices, FaaS, Temporal workloads, IoT and edge services, K8s controllers, K8s CRDs, K8s custom APIs, K8s Operators, K8s hooks, etc. with minimal coding, automatically applying best-practice methods such as software supply chain security measures, SBOM, OpenAPI, CloudEvents, etc. Code is auto-generated after requirements are defined in the UI as a diagram.

Language: Go - Size: 28.1 MB - Last synced at: 6 months ago - Pushed at: 10 months ago - Stars: 83 - Forks: 21

paulveillard/cybersecurity-software

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Software in Cybersecurity

Size: 32.2 KB - Last synced at: 2 months ago - Pushed at: about 2 years ago - Stars: 5 - Forks: 0

vishalgarg-sec/Software-Supply-Chain-Security

A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.

Size: 587 KB - Last synced at: 10 months ago - Pushed at: over 1 year ago - Stars: 122 - Forks: 15

syn-4ck/fafnir-sec

fafnir-sec is an open-source tool that allows for the complete automation of launching different security tools detecting vulnerabilities in the application's code.

Language: Python - Size: 14.3 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 2 - Forks: 0

CMS-Enterprise/sbom-harbor 📦

Repository for the SBOM Harbor.

Language: Rust - Size: 13.7 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 15 - Forks: 9

rewanthtammana/sigstore-the-easy-way

Software signing just got easier

Language: HTML - Size: 13.9 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 13 - Forks: 3

toddysm/cssc-pipeline

Sample CI/CD pipeline for creating container images with provenance details.

Language: Shell - Size: 7.9 MB - Last synced at: 12 months ago - Pushed at: 12 months ago - Stars: 1 - Forks: 0

santiago-mooser/Software-supply-chain-security

Capstone project assessing the current state of the software supply chain in open-source projects

Language: Python - Size: 1.2 MB - Last synced at: almost 2 years ago - Pushed at: about 2 years ago - Stars: 2 - Forks: 0

assuremoss/lastpymile

A reimplementation of LastPyMile: a Python-based library to identify the differences between the build artifacts of PyPI packages and the respective source code repository

Language: Python - Size: 37.1 KB - Last synced at: over 1 year ago - Pushed at: over 3 years ago - Stars: 15 - Forks: 2
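The check that LastPyMile's description refers to, comparing what ships in a PyPI build artifact against the source repository, can be implemented as a hash-level diff of the two file trees. The script below is an added example written for this listing, not LastPyMile's code. It assumes the sdist is a gzipped tarball with the usual single top-level `name-version/` directory, that the repository checkout is at the tagged release commit, and that `PKG-INFO`, `setup.cfg` and anything under `*.egg-info/` are the only files setuptools legitimately generates into an sdist (an assumed allowlist). `demo()` builds a constructed checkout and sdist in a temporary directory in which one file is altered and one file is injected.

```python
"""Differential check of a PyPI sdist against its source repository.

Added example (not LastPyMile's code): hashes every file in an sdist tarball
and in a source checkout, then reports phantom files (artifact only),
modified files (bytes differ) and files missing from the artifact.
"""
from __future__ import annotations

import hashlib
import io
import tarfile
import tempfile
from dataclasses import dataclass
from pathlib import Path


def is_generated(rel_path: str) -> bool:
    """Assumed allowlist: files setuptools writes into every sdist that are
    legitimately absent from the repository. Anything else found only in the
    artifact is reported as a phantom file."""
    return rel_path in {"PKG-INFO", "setup.cfg"} or ".egg-info/" in rel_path


def hash_tree(root: Path) -> dict[str, str]:
    """Map repo-relative POSIX path -> sha256 for every regular file, skipping .git/."""
    hashes: dict[str, str] = {}
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if path.is_file() and ".git" not in rel.parts:
            hashes[rel.as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return hashes


def hash_sdist(sdist: Path) -> dict[str, str]:
    """Map path (top-level 'name-version/' prefix stripped) -> sha256 for an sdist."""
    hashes: dict[str, str] = {}
    with tarfile.open(sdist, "r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            # sdists wrap everything in a single 'name-version/' directory
            rel = member.name.split("/", 1)[1] if "/" in member.name else member.name
            data = tar.extractfile(member).read()
            hashes[rel] = hashlib.sha256(data).hexdigest()
    return hashes


@dataclass
class DiffReport:
    phantom: list[str]   # in the artifact, not in the repository, not generated
    modified: list[str]  # in both, but the bytes differ
    missing: list[str]   # in the repository, absent from the artifact


def compare(artifact: dict[str, str], repo: dict[str, str]) -> DiffReport:
    """Diff the two hash maps; phantom and modified entries are the review targets."""
    phantom = sorted(p for p in artifact if p not in repo and not is_generated(p))
    modified = sorted(p for p in artifact if p in repo and artifact[p] != repo[p])
    missing = sorted(p for p in repo if p not in artifact)
    return DiffReport(phantom, modified, missing)


def check(sdist: Path, repo_root: Path) -> DiffReport:
    """Compare a downloaded sdist against a checkout of the claimed release commit."""
    return compare(hash_sdist(sdist), hash_tree(repo_root))


def _add_member(tar: tarfile.TarFile, name: str, data: bytes) -> None:
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def demo() -> DiffReport:
    """Constructed scenario: a clean checkout and an sdist with one tampered
    file (setup.py) and one injected file (pkg/_helper.py)."""
    repo_files = {
        "setup.py": b"from setuptools import setup\nsetup(name='pkg', version='1.0')\n",
        "pkg/__init__.py": b"VERSION = '1.0'\n",
        "README.md": b"# pkg\n",
    }
    tampered_setup = repo_files["setup.py"] + b"import pkg._helper  # not in git history\n"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in repo_files.items():
            target = root / "checkout" / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        sdist = root / "pkg-1.0.tar.gz"
        with tarfile.open(sdist, "w:gz") as tar:
            _add_member(tar, "pkg-1.0/PKG-INFO", b"Metadata-Version: 2.1\nName: pkg\n")
            _add_member(tar, "pkg-1.0/setup.py", tampered_setup)
            _add_member(tar, "pkg-1.0/pkg/__init__.py", repo_files["pkg/__init__.py"])
            _add_member(tar, "pkg-1.0/pkg/_helper.py", b"# payload that never existed in the repo\n")
            _add_member(tar, "pkg-1.0/README.md", repo_files["README.md"])
        return check(sdist, root / "checkout")


if __name__ == "__main__":
    report = demo()
    print("phantom :", report.phantom)
    print("modified:", report.modified)
    print("missing :", report.missing)
```

Phantom and modified files are what a reviewer needs to open; a file present in the repository but absent from the artifact is usually just excluded by `MANIFEST.in`, which is why it is reported separately rather than treated as a finding. Wheels need the same treatment with `zipfile`, and the checkout has to be at the commit the release claims to be built from, otherwise every unrelated commit shows up as a modified file.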

zafararslan/Cybersecurity

End-to-End Cybersecurity

Size: 87.1 MB - Last synced at: about 2 years ago - Pushed at: about 2 years ago - Stars: 0 - Forks: 0

Related Keywords (number of repositories in this listing carrying each topic)

software-supply-chain-security (39), software-supply-chain (13), security (12), sbom (8), supply-chain-security (7), supply-chain (6), security-tools (5), devsecops (5), software-composition-analysis (4), software-bill-of-materials (4), malicious-packages (4), vulnerability-management (3), npm (3), pypi-packages (3), python (3), dependencies (3), sca (3), static-analysis (3), attestations (3), cyclonedx (3), in-toto (3), sast (3), spdx-sbom (3), sigstore (3), vex (3), secure-software-supply-chain (2), containers (2), sandbox (2), malware (2), cli (2), sbom-generator (2), application-security (2), nix (2), software-security (2), rust (2), vulnerabilities (2), cncf (2), golang (2), dependency-management (2), supply-chain-attacks (2), spdx (2), slsa (2), attestation (2), cyclonedx-sbom (2), python-security (2), docker (2), npm-packages (2), sonatype-firewall (1), sonatype-lifecycle (1), backend-services (1), code-generation (1), containerization (1), cybersecurity (1), cloudsecurity (1), cosign (1), graphql (1), grpc (1), software-bill-of-material (1), sonatype (1), edge-extension (1), chrome-extension (1), data-security (1), vulnera (1), open-policy-agent (1), misconfiguration (1), go (1), cis (1), software-attestation (1), secrets-scan (1), iac-security (1), software-transparency (1), owasp (1), openssf (1), appsec (1), open-source-security (1), software-testing (1), software-team (1), container-security (1), guide (1), notary (1), signature-verification (1), signatures (1), software-factory (1), software-engineering (1), software-development (1), final-year-project (1), webassembly (1), visual-applications (1), serverless (1), rest-api (1), cloud-native-security (1), no-code (1), microservices (1), low-code (1), hacktoberfest (1), reproducible-builds (1), package-management (1), oss-compliance (1), cve-scanning (1), awesome-list (1)