14 results found Sort:

murphysecurity
murphysec murphysecurity
167
1.6k
apache-2.0
24
An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全,具备专业的软件成分分析(SCA)、漏洞检测、专业漏洞库。
sca scanner codescan security dependency software-supply-chain vulnerability-detection software-composition-analysis
Created 2022-03-16
1,313 commits to v3 branch, last one 2 days ago
guacsec
guac guacsec
154
1.2k
apache-2.0
42
GUAC aggregates software security metadata into a high fidelity graph database.
security supply-chain software-supply-chain supply-chain-security supply-chain-analytics supply-chain-visibility software-supply-chain-security
Created 2022-06-10
1,420 commits to main branch, last one 18 hours ago
XmirrorSecurity
OpenSCA-cli XmirrorSecurity
115
1.0k
apache-2.0
155
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the ...
sca sbom spdx swid security cyclonedx devsecops static-analysis vulnerabilities license-compliance software-supply-chain software-bill-of-materials software-composition-analysis software-supply-chain-security
Created 2021-12-30
939 commits to master branch, last one 2 days ago
aquasecurity
chain-bench aquasecurity
61
705
apache-2.0
11
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
go cis golang vulnera security devsecops security-tools misconfiguration open-policy-agent software-supply-chain software-supply-chain-security
Created 2022-05-12
68 commits to main branch, last one about a month ago
bureado
awesome-software-supply-chain-security bureado
25
255
unknown
24
A compilation of resources in the software supply chain security domain, with emphasis on open source
sbom devsecops attestation awesome-list cve-scanning dependencies oss-compliance static-analysis package-management reproducible-builds supply-chain-attacks dependency-management software-supply-chain supply-chain-security security-vulnerability vulnerability-scanning vulnerability-management software-composition-analysis software-supply-chain-security
Created 2022-02-20
447 commits to main branch, last one about a year ago
stacklok
minder stacklok
33
205
apache-2.0
19
Software Supply Chain Security Platform
security supply-chain software-supply-chain software-supply-chain-security
Created 2023-04-05
3,332 commits to main branch, last one 17 hours ago
OWASP
Software-Component-Verification-Standard OWASP
36
131
cc-by-sa-4.0
32
Software Component Verification Standard (SCVS)
scrm scvs cscrm owasp open-source supply-chain best-practices software-supply-chain
Created 2019-08-28
149 commits to master branch, last one about a month ago
in-toto
in-toto-golang in-toto
48
114
other
11
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
in-toto security software-supply-chain
Created 2018-10-15
938 commits to master branch, last one 2 days ago
osssanitizer
maloss osssanitizer
24
110
mit
6
Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
npm pypi maven rubygems security packagist open-source static-analysis attack-detection dynamic-analysis software-supply-chain
Created 2020-07-23
8 commits to master branch, last one 3 years ago
tiiuae
sbomnix tiiuae
19
100
unknown
8
A suite of utilities to help with software supply chain challenges on nix targets
cpe nix purl sbom python security cyclonedx sbom-tool spdx-sbom dependencies sbom-generator static-analysis bill-of-materials software-supply-chain vulnerability-scanners software-bill-of-materials software-supply-chain-security
Created 2022-12-08
244 commits to main branch, last one 2 days ago
phylum-dev
cli phylum-dev
10
99
gpl-3.0
7
Command line interface for the Phylum API
cli rust malware security supply-chain security-scan vulnerabilities malware-detection software-supply-chain secure-software-supply-chain software-supply-chain-security
Created 2021-03-19
992 commits to main branch, last one 3 days ago
in-toto
community in-toto
8
51
unknown
7
in-toto is a framework to secure the software supply chain.
cncf in-toto software-supply-chain software-supply-chain-security
Created 2022-11-10
28 commits to main branch, last one 17 days ago
philips-labs
slsa-provenance-action philips-labs
18
45
mit
6
Github Action implementation of SLSA Provenance Generation
slsa in-toto security provenance github-action hacktoberfest github-actions security-tools software-supply-chain
Created 2021-09-13
508 commits to main branch, last one 5 days ago
meta-fun
awesome-software-supply-chain-security meta-fun
3
38
apache-2.0
5
Sharing software supply chain security open source projects
cicd sast sbom devops security kubernetes supply-chain security-tools dependency-analysis software-supply-chain supply-chain-security vulnerability-scanner software-composition-analysis software-supply-chain-security
Created 2022-02-18
18 commits to main branch, last one about a year ago