14 results found Sort:

murphysecurity
murphysec murphysecurity
176
1.7k
apache-2.0
26
An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全,具备专业的软件成分分析(SCA)、漏洞检测、专业漏洞库。
sca scanner codescan security dependency software-supply-chain vulnerability-detection software-composition-analysis
Created 2022-03-16
1,525 commits to v3 branch, last one 4 days ago
guacsec
guac guacsec
182
1.3k
apache-2.0
44
GUAC aggregates software security metadata into a high fidelity graph database.
vex sbom slsa spdx graph in-toto security cyclonedx spdx-sbom attestations supply-chain vulnerability cyclonedx-sbom software-supply-chain supply-chain-security supply-chain-analytics supply-chain-visibility vulnerability-management software-supply-chain-security
Created 2022-06-10
1,831 commits to main branch, last one 4 hours ago
XmirrorSecurity
OpenSCA-cli XmirrorSecurity
118
1.0k
apache-2.0
107
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the ...
sca sbom spdx swid security cyclonedx devsecops static-analysis vulnerabilities license-compliance software-supply-chain software-bill-of-materials software-composition-analysis software-supply-chain-security
Created 2021-12-30
999 commits to master branch, last one a day ago
aquasecurity
chain-bench aquasecurity
63
734
apache-2.0
13
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
go cis golang vulnera security devsecops security-tools misconfiguration open-policy-agent software-supply-chain software-supply-chain-security
Created 2022-05-12
69 commits to main branch, last one 6 months ago
mindersec
minder mindersec
42
308
apache-2.0
24
Software Supply Chain Security Platform
security supply-chain software-supply-chain software-supply-chain-security
Created 2023-04-05
4,734 commits to main branch, last one a day ago
bureado
awesome-software-supply-chain-security bureado
27
303
unknown
25
A compilation of resources in the software supply chain security domain, with emphasis on open source
sbom devsecops attestation awesome-list cve-scanning dependencies oss-compliance static-analysis package-management reproducible-builds supply-chain-attacks dependency-management software-supply-chain supply-chain-security security-vulnerability vulnerability-scanning vulnerability-management software-composition-analysis software-supply-chain-security
Created 2022-02-20
447 commits to main branch, last one about a year ago
tiiuae
sbomnix tiiuae
25
143
unknown
8
A suite of utilities to help with software supply chain challenges on nix targets
cpe nix purl sbom python security cyclonedx sbom-tool spdx-sbom dependencies sbom-generator static-analysis bill-of-materials software-supply-chain vulnerability-scanners software-bill-of-materials software-supply-chain-security
Created 2022-12-08
286 commits to main branch, last one 13 days ago
OWASP
Software-Component-Verification-Standard OWASP
39
138
cc-by-sa-4.0
32
Software Component Verification Standard (SCVS)
scrm scvs cscrm owasp open-source supply-chain best-practices software-supply-chain
Created 2019-08-28
149 commits to master branch, last one 9 months ago
in-toto
in-toto-golang in-toto
51
135
other
13
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
in-toto security software-supply-chain
Created 2018-10-15
1,006 commits to master branch, last one 7 days ago
osssanitizer
maloss osssanitizer
23
127
mit
6
Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
npm pypi maven rubygems security packagist open-source static-analysis attack-detection dynamic-analysis software-supply-chain
Created 2020-07-23
8 commits to master branch, last one 3 years ago
phylum-dev
cli phylum-dev
11
103
gpl-3.0
8
Command line interface for the Phylum API
cli rust malware security supply-chain security-scan vulnerabilities malware-detection software-supply-chain secure-software-supply-chain software-supply-chain-security
Created 2021-03-19
1,101 commits to main branch, last one a day ago
in-toto
community in-toto
10
70
unknown
8
in-toto is a framework to secure the software supply chain.
cncf in-toto software-supply-chain software-supply-chain-security
Created 2022-11-10
53 commits to main branch, last one 19 days ago
philips-labs
slsa-provenance-action philips-labs
18
47
mit
6
Github Action implementation of SLSA Provenance Generation
slsa in-toto security provenance github-action hacktoberfest github-actions security-tools software-supply-chain
Created 2021-09-13
537 commits to main branch, last one a day ago
meta-fun
awesome-software-supply-chain-security meta-fun
3
43
apache-2.0
5
Sharing software supply chain security open source projects
cicd sast sbom devops security kubernetes supply-chain security-tools dependency-analysis software-supply-chain supply-chain-security vulnerability-scanner software-composition-analysis software-supply-chain-security
Created 2022-02-18
18 commits to main branch, last one 2 years ago