software-supply-chain-security

Here are 65 public repositories matching this topic...

guacsec / guac

GUAC aggregates software security metadata into a high fidelity graph database.

security graph supply-chain vulnerability vex spdx vulnerability-management software-supply-chain supply-chain-analytics sbom attestations in-toto cyclonedx slsa supply-chain-security supply-chain-visibility software-supply-chain-security spdx-sbom cyclonedx-sbom

Updated Jun 9, 2026
Go

DataDog / guarddog

Star

🐍 🔍 GuardDog is a CLI tool to Identify malicious PyPI and npm packages

python npm python-security pypi-packages npm-packages malicious-packages software-supply-chain-security

Updated Jun 15, 2026
Python

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

security spdx software-supply-chain sca swid devsecops software-composition-analysis software-bill-of-materials license-compliance sbom cyclonedx software-supply-chain-security

Updated May 15, 2026
Go

openpubkey / openpubkey

Star

Reference implementation of OpenPubkey

identity oauth2 cryptography openid-connect software-supply-chain-security

Updated May 6, 2026
Go

aquasecurity / chain-bench

Star

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

go golang security cis software-supply-chain vulnera security-tools devsecops misconfiguration open-policy-agent software-supply-chain-security

Updated Dec 11, 2024
Go

mindersec / minder

Star

Software Supply Chain Security Platform

security supply-chain software-supply-chain software-supply-chain-security

Updated Jun 13, 2026
Go

DataDog / supply-chain-firewall

Star

Supply-Chain Firewall (SCFW) is a tool for preventing the installation of malicious npm and PyPI packages 🔥

npm pypi python-security pypi-packages npm-packages malicious-packages software-supply-chain-security

Updated Jun 15, 2026
Python

bureado / awesome-software-supply-chain-security

Star

A compilation of resources in the software supply chain security domain, with emphasis on open source

static-analysis awesome-list security-vulnerability dependencies vulnerability-management software-supply-chain cve-scanning attestation package-management reproducible-builds devsecops software-composition-analysis vulnerability-scanning dependency-management oss-compliance sbom supply-chain-security supply-chain-attacks software-supply-chain-security

Updated Jun 7, 2026

DataDog / malicious-software-packages-dataset

Star

An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.

dataset malicious-packages software-supply-chain-security guarddog

Updated Jun 15, 2026
Python

in-toto / attestation

Star

in-toto Attestation Framework

attestation software-supply-chain-security

Updated Jun 9, 2026
Rust

tiiuae / sbomnix

Star

SBOM, provenance, dependency graph, and vulnerability tools for Nix.

python security nix static-analysis dependencies cpe software-supply-chain vulnerability-scanners bill-of-materials software-bill-of-materials purl sbom cyclonedx sbom-generator software-supply-chain-security spdx-sbom sbom-tool

Updated Jun 9, 2026
Python

arnica / depsguard

Star

Harden your package manager configs against supply chain attacks.

npm dependencies pnpm uv software-supply-chain-security

Updated Jun 12, 2026
Rust

sbom-tool / sbom-tools

Star

Semantic SBOM/CBOM diff, quality scoring, and TUI analysis tool for CycloneDX/SPDX — covering component changes, dependency shifts, license conflicts, vulnerabilities, cryptographic inventory grading, and PQC compliance (CNSA 2.0, NIST IR 8547).

vex spdx appsec post-quantum-cryptography vulnerability-management sarif oss-compliance licence-management security-compliance sbom pqc cyclonedx software-supply-chain-security sbom-tool sbom-quality aibom cbom cryptographic-inventory cyber-resilience-act

Updated Jun 15, 2026
Rust

phylum-dev / birdcage

Star

Cross-platform embeddable sandboxing

security sandbox malware security-tools software-supply-chain-security secure-software-supply-chain

Updated Nov 24, 2025
Rust

attunehq / attune

Star

Fast and secure Linux package publishing.

apt debian-packaging software-supply-chain-security

Updated Dec 6, 2025
Rust

vishalgarg-sec / Software-Supply-Chain-Security

Star

A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.

cncf owasp vex vulnerability-management software-security dependency-management sbom attestations slsa open-source-security supply-chain-security supply-chain-attacks software-supply-chain-security openssf software-bill-of-material software-transparency

Updated Jan 28, 2024

relizaio / rearm

Star

ReARM - Release Governance Platform for the Agentic Era

security supply-chain release vulnerability release-automation release-management software-supply-chain security-tools supply-chain-management release-engineering sbom cyclonedx supply-chain-visibility sbom-distribution software-supply-chain-security sbom-tool hardware-supplychain software-transparency cyclonedx-sbom

Updated Jun 15, 2026
Java

phylum-dev / cli

Star

Command line interface for the Phylum API

rust cli security malware supply-chain vulnerabilities software-supply-chain malware-detection security-scan software-supply-chain-security secure-software-supply-chain

Updated Jun 15, 2026
Rust

argoproj-labs / argocd-interlace

Star

Enabling Software Supply Chain Security Capabilities in ArgoCD

argocd in-toto sigstore software-supply-chain-security

Updated Nov 4, 2022
Go

intelops / compage

Star

Compage - Low-Code Framework to develop Rest API, gRPC, dRPC, GraphQL, WebAssembly, microservices, FaaS, Temporal workloads, IoT and edge services, K8s controllers, K8s CRDs, K8s custom APIs, K8s Operators, K8s hooks, etc. with minimal coding and by automatically applying best practice methods like software supply chain security measures, SBOM, …

Updated Aug 9, 2024
Go

Improve this page

Add a description, image, and links to the software-supply-chain-security topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the software-supply-chain-security topic, visit your repo's landing page and select "manage topics."

Learn more

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

software-supply-chain-security

Here are 65 public repositories matching this topic...

guacsec / guac

DataDog / guarddog

XmirrorSecurity / OpenSCA-cli

openpubkey / openpubkey

aquasecurity / chain-bench

mindersec / minder

DataDog / supply-chain-firewall

bureado / awesome-software-supply-chain-security

DataDog / malicious-software-packages-dataset

in-toto / attestation

tiiuae / sbomnix

arnica / depsguard

sbom-tool / sbom-tools

phylum-dev / birdcage

attunehq / attune

vishalgarg-sec / Software-Supply-Chain-Security

relizaio / rearm

phylum-dev / cli

argoproj-labs / argocd-interlace

intelops / compage

Improve this page

Add this topic to your repo