🗒️ Researching & exploring how to mitigate malicious 3rd-party packages (e.g. npm, pip, rubygems ...etc)
Updated Apr 12, 2018 - Shell
A malicious package to demonstrate the importance of software supply chain security.
A site for an IQT R&D initiative on software supply chain security.
🔐 Shim to easily install OWASP dependency-check-cli into Python projects
A proof-of-concept SLSA provenance generator for Buildkite.
compare wheel built from git with what's on pypi
A simple web app software supply chain monitoring toolkit
Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
Sharing software supply chain security open source projects
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Software in Cybersecurity
Capstone project assessing the current state of the software supply chain in open-source projects
A compilation of resources in the software supply chain security domain, with emphasis on open source
Dev tool to aggregate and focus on the changelog relevant to your codebase
Repository for the SBOM Harbor.
software supply chain protection for javascript and python dependencies 🔐
Prototype Open Source Software Nutrition Labels
The ChaordicLedger is the implementation of a design for a combination of Distributed Ledger Technology (DLT) and a Distributed File System (DFS) to create a secure, enterprise-grade platform for storing interlinked project artifacts.
Sample CI/CD pipeline for creating container images with provenance details.
This repo accumulates underlying data and analysis results for assessing the current landscape of open-source and proprietary tools related to Software Bill of Materials (SBOM). We additionally compiled our findings into a comprehensive spreadsheet detailing 86 tools and their use cases.
Software Component Verification Standard (SCVS)