Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Projects in Awesome Lists tagged with supply-chain-security
A curated list of projects in awesome lists tagged with supply-chain-security.
https://github.com/slsa-framework/slsa
Supply-chain Levels for Software Artifacts
devops security supply-chain-security
Last synced: 31 Jul 2024
https://github.com/guacsec/guac
GUAC aggregates software security metadata into a high fidelity graph database.
security software-supply-chain software-supply-chain-security supply-chain supply-chain-analytics supply-chain-security supply-chain-visibility
Last synced: 25 Sep 2024
https://github.com/tern-tools/tern
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
compliance containers dependencies docker metadata-extraction open-source oss-compliance python risk-management sbom software-composition-analysis spdx supply-chain-security tool
Last synced: 02 Oct 2024
https://github.com/AppThreat/dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
compliance containers cve cyclonedx dependency-analysis dependency-audit devsecops reachability-analysis risk-audit sbom sca security-audit security-tools supply-chain-security vex vulnerability-scanners
Last synced: 30 Jul 2024
https://github.com/owasp-dep-scan/dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
compliance containers cve cyclonedx dependency-analysis dependency-audit devsecops reachability-analysis risk-audit sbom sca security-audit security-tools supply-chain-security vex vulnerability-scanners
Last synced: 01 Aug 2024
https://github.com/legit-labs/legitify
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
ci devops devsecops github gitlab golang sdlc-security security security-scanner supply-chain-security
Last synced: 29 Sep 2024
https://github.com/ossillate-inc/packj
Packj stops SolarWinds-, ESLint-, and PyTorch-like attacks by flagging malicious or vulnerable open-source dependencies ("weak links") in your software supply chain.
developer-tools devops devops-tools devsecops dynamic-analysis malware malware-analysis npm pypi python rubygems sandboxing security security-audit security-tools static-analysis supply-chain supply-chain-security vulnerability vulnerability-scanners
Last synced: 03 Aug 2024
https://github.com/step-security/harden-runner
Network egress filtering and runtime security for GitHub-hosted and self-hosted runners
actions egress-filtering github-actions hardening network-security runners runtime-security security-hardening supply-chain-security
Last synced: 29 Sep 2024
https://github.com/kpcyrd/rebuilderd
Independent verification of binary packages - reproducible builds
rebuilder reproducible-builds rust security-tools supply-chain supply-chain-security
Last synced: 01 Aug 2024
https://github.com/chainloop-dev/chainloop
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
attestation compliance cyclonedx devsecops in-toto license metadata-platform open-source-licensing ospo oss-compliance regulated-industry sbom sbom-discovery sbom-distribution security slsa slsa-provenance spdx supply-chain-security
Last synced: 03 Aug 2024
https://github.com/owasp-dep-scan/blint
BLint is a Binary Linter that checks the security properties and capabilities of your executables. Since v2, blint is also an SBOM generator for binaries.
binary cyclonedx depscan fuzzing malware sbom supply-chain-analytics supply-chain-security
Last synced: 03 Aug 2024
https://github.com/docker/scout-cli
Docker Scout CLI
docker security supply-chain-security
Last synced: 29 Sep 2024
https://github.com/step-security/secure-repo
Orchestrate GitHub Actions Security
actions github github-actions golang security security-tools supply-chain-security workflow
Last synced: 04 Aug 2024
https://github.com/nodesecure/js-x-ray
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting the most common malicious patterns 🔬.
ast ast-analysis javascript nodejs sast security security-audit security-tools supply-chain-security
Last synced: 28 Sep 2024
https://github.com/ckotzbauer/sbom-operator
Catalogue all images of a Kubernetes cluster to multiple targets with Syft
k8s kubernetes operator sbom supply-chain-security
Last synced: 03 Aug 2024
https://github.com/mbalabash/sdc-check
Small tool to inform you about potential risks in a project's dependency list.
audit npm security supply-chain-security
Last synced: 03 Aug 2024
https://github.com/cugu/gocap
List your dependencies' capabilities and monitor whether updates require more capabilities.
go supply-chain-attacks supply-chain-security
Last synced: 03 Aug 2024
https://github.com/interlynk-io/sbomqs
SBOM quality score - Quality metrics for your SBOMs
cyclonedx devsecops-pipeline go golang sbom sbom-examples sbom-quality sbom-samples sbom-score sbom-tool security-tools spdx supply-chain-security
Last synced: 01 Aug 2024
https://github.com/boostsecurityio/lotp
boostsecurityio/lotp
living-off-the-pipeline lotp supply-chain-security
Last synced: 26 Sep 2024
https://github.com/kpcyrd/pacman-bintrans
Experimental binary transparency for pacman with sigstore and rekor
archlinux binary-transparency security supply-chain supply-chain-security
Last synced: 03 Aug 2024
https://github.com/docker/scout-action
Docker Scout GitHub Action
docker github-actions security supply-chain-security
Last synced: 29 Sep 2024
https://github.com/CycodeLabs/cimon-action
Runtime Security Solution for your CI/CD Pipeline
cicd ebpf github-actions hardening linux security security-hardening supply-chain-security
Last synced: 03 Aug 2024
https://github.com/oxsecurity/codetotal
Analyze any snippet, file, or repository to detect possible security flaws such as secrets in code, open-source vulnerabilities, code security issues, insecure infrastructure as code, and potential legal issues with open-source licenses.
code-quality-analyzer iac megalinter sast sbom sbom-generator secrets-detection security supply-chain supply-chain-security vulnerability-scanners
Last synced: 17 Aug 2024
https://github.com/Checkmarx/chainalert-github-action
Scans popular packages and alerts when there is suspicion of an account takeover
free-service github-action supply-chain-security
Last synced: 03 Aug 2024
https://github.com/boostsecurityio/poutine
boostsecurityio/poutine
ci cli devops devsecops gh-extension github github-actions golang security security-scanner supply-chain supply-chain-security
Last synced: 03 Aug 2024
https://github.com/fepitre/package-rebuilder
Standalone orchestrator for rebuilding Debian, Fedora and Qubes OS packages in order to generate `in-toto` metadata which can be used with `apt-transport-in-toto` or `dnf-plugin-in-toto` to validate reproducible status.
celery python rebuilder reproducible-builds security-tools supply-chain supply-chain-security
Last synced: 03 Aug 2024
https://github.com/kpcyrd/rebuilderd-debian-buildinfo-crawler
Reproducible Builds: Scraper/Parser for https://buildinfos.debian.net into structured data
debian rebuilderd reproducible-builds supply-chain-security
Last synced: 03 Aug 2024
https://github.com/JamieMagee/vulnerability-git-hooks
Git hooks to prevent committing vulnerable dependencies
deps-dev git-hooks supply-chain-security
Last synced: 03 Sep 2024
https://github.com/mostafa/practical-cscrm
Practical Cybersecurity Supply Chain Risk Management
c-scrm cyclonedx dependency-track docker nist owasp sbom supply-chain supply-chain-security syft
Last synced: 02 Oct 2024
https://github.com/hupe1980/fakegh
🛠️📊🤖 Fake GitHub Activity Generator
awareness cybersecurity supply-chain-security
Last synced: 01 Oct 2024