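An all-language artifact repository covering mainstream tools such as npm, Maven, PyPi, Docker, Gradle, SBT, Cocoapods, Swift, RPM, Debian, PHP, Go, Pub, Ivy, NuGet, Conda, Cargo, Conan, Yarn, GitLFS, Helm and OHPM, as well as proxying and synchronization of mainstream AI model repositories such as Huggingface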
Updated Oct 14, 2025 - Java
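An open source tool focused on software supply chain security. MurphySec (墨菲安全) focuses on software supply chain security, with professional software composition analysis (SCA), vulnerability detection, and a professional vulnerability database.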
GUAC aggregates software security metadata into a high fidelity graph database.
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance, with accuracy widely recognized by the community.
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Software Supply Chain Security Platform
A compilation of resources in the software supply chain security domain, with emphasis on open source
A suite of utilities to help with software supply chain challenges on nix targets
Software Component Verification Standard (SCVS)
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
Command line interface for the Phylum API
The Evidence Store for Your Entire Supply Chain. SBOMs, xBOMs and every other artifact - stored for 10+ years, versioned and audit-ready.
in-toto is a framework to secure the software supply chain.
Sharing software supply chain security open source projects
🔐 Shim to easily install OWASP dependency-check-cli into Python projects
Github Action implementation of SLSA Provenance Generation
Repository for the SBOM Harbor.
A simple web app software supply chain monitoring toolkit