Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


Projects in Awesome Lists tagged with supply-chain-security

A curated list of projects in awesome lists tagged with supply-chain-security.

https://github.com/slsa-framework/slsa

Supply-chain Levels for Software Artifacts

devops security supply-chain-security

Last synced: 31 Jul 2024

https://github.com/guacsec/guac

GUAC aggregates software security metadata into a high fidelity graph database.

security software-supply-chain software-supply-chain-security supply-chain supply-chain-analytics supply-chain-security supply-chain-visibility

Last synced: 25 Sep 2024

https://github.com/tern-tools/tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

compliance containers dependencies docker metadata-extraction open-source oss-compliance python risk-management sbom software-composition-analysis spdx supply-chain-security tool

Last synced: 02 Oct 2024

https://github.com/AppThreat/dep-scan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

compliance containers cve cyclonedx dependency-analysis dependency-audit devsecops reachability-analysis risk-audit sbom sca security-audit security-tools supply-chain-security vex vulnerability-scanners

Last synced: 30 Jul 2024

https://github.com/owasp-dep-scan/dep-scan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

compliance containers cve cyclonedx dependency-analysis dependency-audit devsecops reachability-analysis risk-audit sbom sca security-audit security-tools supply-chain-security vex vulnerability-scanners

Last synced: 01 Aug 2024

https://github.com/legit-labs/legitify

Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets

ci devops devsecops github gitlab golang sdlc-security security security-scanner supply-chain-security

Last synced: 29 Sep 2024

https://github.com/Legit-Labs/legitify

Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets

ci devops devsecops github gitlab golang sdlc-security security security-scanner supply-chain-security

Last synced: 01 Aug 2024

https://github.com/ossillate-inc/packj

Packj stops SolarWinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply chain.

developer-tools devops devops-tools devsecops dynamic-analysis malware malware-analysis npm pypi python rubygems sandboxing security security-audit security-tools static-analysis supply-chain supply-chain-security vulnerability vulnerability-scanners

Last synced: 03 Aug 2024

https://github.com/step-security/harden-runner

Network egress filtering and runtime security for GitHub-hosted and self-hosted runners

actions egress-filtering github-actions hardening network-security runners runtime-security security-hardening supply-chain-security

Last synced: 29 Sep 2024

https://github.com/kpcyrd/rebuilderd

Independent verification of binary packages - reproducible builds

rebuilder reproducible-builds rust security-tools supply-chain supply-chain-security

Last synced: 01 Aug 2024

https://github.com/chainloop-dev/chainloop

Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

attestation compliance cyclonedx devsecops in-toto license metadata-platform open-source-licensing ospo oss-compliance regulated-industry sbom sbom-discovery sbom-distribution security slsa slsa-provenance spdx supply-chain-security

Last synced: 03 Aug 2024

https://github.com/owasp-dep-scan/blint

BLint is a Binary Linter that checks the security properties and capabilities of your executables. Since v2, blint is also an SBOM generator for binaries.

binary cyclonedx depscan fuzzing malware sbom supply-chain-analytics supply-chain-security

Last synced: 03 Aug 2024

https://github.com/nodesecure/js-x-ray

JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

ast ast-analysis javascript nodejs sast security security-audit security-tools supply-chain-security

Last synced: 28 Sep 2024

https://github.com/NodeSecure/js-x-ray

JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

ast ast-analysis javascript nodejs sast security security-audit security-tools supply-chain-security

Last synced: 03 Aug 2024

https://github.com/ckotzbauer/sbom-operator

Catalogue all images of a Kubernetes cluster to multiple targets with Syft

k8s kubernetes operator sbom supply-chain-security

Last synced: 03 Aug 2024

https://github.com/mbalabash/sdc-check

Small tool to inform you about potential risks in project dependencies list

audit npm security supply-chain-security

Last synced: 03 Aug 2024

https://github.com/cugu/gocap

List your dependencies' capabilities and monitor whether updates require more capabilities.

go supply-chain-attacks supply-chain-security

Last synced: 03 Aug 2024

https://github.com/kpcyrd/pacman-bintrans

Experimental binary transparency for pacman with sigstore and rekor

archlinux binary-transparency security supply-chain supply-chain-security

Last synced: 03 Aug 2024

https://github.com/CycodeLabs/cimon-action

Runtime Security Solution for your CI/CD Pipeline

cicd ebpf github-actions hardening linux security security-hardening supply-chain-security

Last synced: 03 Aug 2024

https://github.com/oxsecurity/codetotal

Analyze any snippet, file, or repository to detect possible security flaws such as secrets in code, open-source vulnerabilities, code security issues, insecure infrastructure as code, and potential legal issues with open-source licenses.

code-quality-analyzer iac megalinter sast sbom sbom-generator secrets-detection security supply-chain supply-chain-security vulnerability-scanners

Last synced: 17 Aug 2024

https://github.com/Checkmarx/chainalert-github-action

Scans popular packages and alerts when there is suspicion of an account takeover.

free-service github-action supply-chain-security

Last synced: 03 Aug 2024

https://github.com/fepitre/package-rebuilder

Standalone orchestrator for rebuilding Debian, Fedora and Qubes OS packages in order to generate `in-toto` metadata which can be used with `apt-transport-in-toto` or `dnf-plugin-in-toto` to validate reproducible status.

celery python rebuilder reproducible-builds security-tools supply-chain supply-chain-security

Last synced: 03 Aug 2024

https://github.com/kpcyrd/rebuilderd-debian-buildinfo-crawler

Reproducible Builds: Scraper/Parser for https://buildinfos.debian.net into structured data

debian rebuilderd reproducible-builds supply-chain-security

Last synced: 03 Aug 2024

https://github.com/JamieMagee/vulnerability-git-hooks

Git hooks to prevent committing vulnerable dependencies.

deps-dev git-hooks supply-chain-security

Last synced: 03 Sep 2024

https://github.com/jamiemagee/vulnerability-git-hooks

Git hooks to prevent committing vulnerable dependencies.

deps-dev git-hooks supply-chain-security

Last synced: 01 Oct 2024

https://github.com/mostafa/practical-cscrm

Practical Cybersecurity Supply Chain Risk Management

c-scrm cyclonedx dependency-track docker nist owasp sbom supply-chain supply-chain-security syft

Last synced: 02 Oct 2024

https://github.com/hupe1980/fakegh

🛠️📊🤖 Fake GitHub Activity Generator

awareness cybersecurity supply-chain-security

Last synced: 01 Oct 2024