GUAC aggregates software security metadata into a high fidelity graph database.
Updated Sep 17, 2024 - Go
Automatically assess and score software repositories for supply chain risk.
boostsecurityio/poutine
Orchestrate GitHub Actions Security
Supply-chain Levels for Software Artifacts
nix2sbom extracts the CycloneDX and SPDX SBOM (Software Bill of Materials) from a Nix derivation
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
A validator for gradle/wrapper jar binaries, intended to be used in CI pipelines.
GitHub Action for Xygeni scanner
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks or check conformance to frameworks, such as SLSA.
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
Tool to achieve policy driven vetting of open source dependencies
SBOM quality score - Quality metrics for your SBOMs
Network egress filtering and runtime security for GitHub-hosted and self-hosted runners
Secure GitHub actions with 1 line of code
Scripts to do interesting things with GUAC
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
ReversingLabs rl-scanner Docker image