supply-chain-security

Star

Here are 155 public repositories matching this topic...

Language:All

Filter by language

All155 Go32 Python24 Rust17 JavaScript12 TypeScript11 Shell7 Java6 Makefile4 HTML3 Dockerfile2

Sort:Most stars

Sort options

Most stars Fewest stars Most forks Fewest forks Recently updated Least recently updated

slsa-framework /slsa

Star1.6k

Supply-chain Levels for Software Artifacts

security devops supply-chain-security

UpdatedMar 27, 2025
Shell

guacsec /guac

Star1.3k

GUAC aggregates software security metadata into a high fidelity graph database.

security graph supply-chain vulnerability vex spdx vulnerability-management software-supply-chain supply-chain-analytics sbom attestations in-toto cyclonedx slsa supply-chain-security supply-chain-visibility software-supply-chain-security spdx-sbom cyclonedx-sbom

UpdatedMar 27, 2025
Go

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

security-audit containers dependency-analysis vex compliance cve sca vulnerability-scanners security-tools devsecops reachability-analysis sbom cyclonedx supply-chain-security risk-audit dependency-audit

UpdatedMar 27, 2025
Python

tern-tools /tern

Star981

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

python docker open-source tool containers compliance dependencies spdx metadata-extraction risk-management software-composition-analysis oss-compliance sbom supply-chain-security

UpdatedMar 12, 2024
Python

Legit-Labs /legitify

Star798

Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets

github golang security devops gitlab ci security-scanner devsecops supply-chain-security sdlc-security

UpdatedMar 21, 2025
Go

step-security /harden-runner

Star769

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.

actions hardening security-hardening egress-filtering network-security runners runtime-security github-actions supply-chain-security

UpdatedMar 25, 2025
TypeScript

bitbomdev /minefield

Star718

Graphing SBOM's Fast.

ai graph roaring-bitmaps airgap sbom supply-chain-security llm

UpdatedMar 24, 2025
Go

ossillate-inc /packj

Star662

Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

python npm security rubygems devops security-audit static-analysis pypi malware supply-chain sandboxing developer-tools dynamic-analysis vulnerability malware-analysis devops-tools vulnerability-scanners security-tools devsecops supply-chain-security

UpdatedApr 2, 2024
Python

chainloop-dev /chainloop

Star396

Evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more

security open-source-licensing compliance license spdx attestation devsecops ospo oss-compliance sbom in-toto cyclonedx slsa supply-chain-security sbom-distribution slsa-provenance metadata-platform sbom-discovery regulated-industry

UpdatedMar 27, 2025
Go

kpcyrd /rebuilderd

Sponsor

Star377

Independent verification of binary packages - Reproducible Builds

rust supply-chain reproducible-builds security-tools rebuilder supply-chain-security

UpdatedMar 4, 2025
Rust

docker /scout-cli

Star376

Docker Scout CLI

docker security supply-chain-security

UpdatedMar 18, 2025
Shell

owasp-dep-scan /blint

Star358

BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generator for binaries.

binary malware fuzzing supply-chain-analytics sbom cyclonedx supply-chain-security depscan