#Supply-chain

Showing 60 of 68 repositories tagged #supply-chain, ranked by stars

guacsec
guacsec
guac

GUAC aggregates software security metadata into a high fidelity graph database.

Score
100
β˜… 1.5k β‘‚ 205 β€”
Go
openclarity
openclarity
openclarity

OpenClarity is an open source platform built to enhance security and observability of cloud native applications and infrastructure

Score
89
β˜… 1.5k β‘‚ 173 β€”
Go
ikatsov
ikatsov
tensor-house

A collection of reference Jupyter notebooks and demo AI/ML applications for enterprise use cases: marketing, pricing, supply chain, smart manufacturing, and more.

Score
100
β˜… 1.4k β‘‚ 508 +1/day
Jupyter Notebook
ossf
ossf
best-practices-badge

πŸ†Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)

Score
96
β˜… 1.3k β‘‚ 229 +2/day
Ruby
pypa
pypa
pip-audit

Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them

Score
86
β˜… 1.3k β‘‚ 109 +1/day
Python
sigstore
sigstore
rekor

Software Supply Chain Transparency Log

Score
93
β˜… 1.2k β‘‚ 215 β€”
Go
endojs
endojs
endo

Endo is a distributed secure JavaScript sandbox, based on SES

Score
79
β˜… 1.0k β‘‚ 88 β€”
JavaScript
in-toto
in-toto
in-toto

in-toto is a framework to protect supply chain integrity.

Score
82
β˜… 1.0k β‘‚ 157 +1/day
Python
cdxgen
cdxgen
cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server

Score
100
β˜… 1.0k β‘‚ 254 +5/day
JavaScript
JulietMirambo
JulietMirambo
Units_of_Measure_Harmonization-intelligence-platform

Production-Grade ML System for Automated Unit of Measure Error Detection | 88-92% Accuracy | 94% Autonomy | KNIME Workflow

Score
100
β˜… 816 β‘‚ 754 +1/day
PowerShell
theupdateframework
theupdateframework
go-tuf

Go implementation of The Update Framework (TUF)

Score
100
β˜… 705 β‘‚ 122 β€”
Go
ossillate-inc
ossillate-inc
packj

Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

Score
68
β˜… 686 β‘‚ 37 β€”
Python
devops-kung-fu
devops-kung-fu
bomber

Scans Software Bill of Materials (SBOMs) for security vulnerabilities

Score
57
β˜… 622 β‘‚ 55 +2/day
Go
in-toto
in-toto
witness

Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.

Score
75
β˜… 536 β‘‚ 78 β€”
Go
sigstore
sigstore
sigstore

Common go library shared across sigstore services and clients

Score
86
β˜… 530 β‘‚ 156 β€”
Go
CycloneDX
CycloneDX
specification

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX

Score
0
β˜… 521 β‘‚ 88 β€”
XSLT
boostsecurityio
boostsecurityio
poutine

poutine, a supply chain vulnerability scanner for build pipelines

Score
71
β˜… 489 β‘‚ 40 +2/day
Go
sandworm-hq
sandworm-hq
sandworm-audit

Security & License Compliance For Your App's Dependencies πŸͺ±

Score
18
β˜… 475 β‘‚ 7 β€”
JavaScript
mindersec
mindersec
minder

Software Supply Chain Security Platform

Score
71
β˜… 411 β‘‚ 107 β€”
Go
ossf
ossf
scorecard-action

Official GitHub Action for OpenSSF Scorecard.

Score
64
β˜… 392 β‘‚ 87 β€”
Go
boostsecurityio
boostsecurityio
smokedmeat

A CI/CD Red Team Framework for demonstrating Build Pipeline security risks.

Score
57
β˜… 365 β‘‚ 27 +1/day
Go
sigstore
sigstore
sigstore-python

A Sigstore client written in Python

Score
61
β˜… 324 β‘‚ 82 β€”
Python
Funkmyster
Funkmyster
awesome-supply-chain

A curated list of awesome supply chain blogs, podcasts, standards, projects, and examples.

Score
92
β˜… 289 β‘‚ 43 +2/day
cackle-rs
cackle-rs
cackle

A code ACL checker for Rust

Score
100
β˜… 283 β‘‚ 12 +2/day
Rust
sigstore
sigstore
model-transparency

Supply chain security for ML

Score
54
β˜… 237 β‘‚ 62 β€”
Python
race2infinity
race2infinity
AuthentiFi

A blockchain-based Product Ownership Management System for anti-counterfeits in the Post Supply Chain.

Score
100
β˜… 209 β‘‚ 161 β€”
Java
openvex
openvex
vexctl

A tool to create, transform and attest VEX metadata

Score
43
β˜… 200 β‘‚ 27 +1/day
Go
kulkansecurity
kulkansecurity
gitxray

A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.

Score
36
β˜… 181 β‘‚ 14 β€”
Python
sigstore
sigstore
sigstore-js

Code-signing for npm packages

Score
50
β˜… 179 β‘‚ 46 β€”
TypeScript
boostsecurityio
boostsecurityio
bagel

bagel, a CLI that inventories security-relevant metadata on developer workstations

Score
46
β˜… 179 β‘‚ 11 +1/day
Go
konflux-ci
konflux-ci
konflux-ci

Trusted builds made easy! A cloud-native software factory for building, testing, and releasing trusted software artifacts

Score
67
β˜… 163 β‘‚ 139 +3/day
Go
mattdean1
mattdean1
blockchain-supply-chain

β›“ Supply Chain on Hyperledger Fabric

Score
77
β˜… 147 β‘‚ 50 β€”
JavaScript
relizaio
relizaio
rearm

ReARM - Release Governance Platform for the Agentic Era

Score
43
β˜… 122 β‘‚ 9 β€”
Java
dweinstein
dweinstein
canary

Tiny filesystem honeypot for macOS. Mounts fake secret files (.env, id_rsa, credentials.json) via WebDAV (no root) or NFS (root) β€” any access triggers an alert. Zero dependencies, pure Go stdlib.

Score
29
β˜… 95 β‘‚ 4 β€”
Go
AppThreat
AppThreat
atom

atom is a novel intermediate representation for applications and a standalone tool that is powered by chen.

Score
50
β˜… 94 β‘‚ 9 β€”
Rust
kuldeep23907
kuldeep23907
Supply-Chain-using-Hyperledger-Fabric-and-React

This projects keeps track record of any product starting from manufacturer to customer.

Score
14
β˜… 93 β‘‚ 50 β€”
JavaScript
kamalkishorm
kamalkishorm
Blockchain_SupplyChain

Pharmaceutical SupplyChain using Ethereum Blockchain Network.

Score
69
β˜… 93 β‘‚ 50 β€”
JavaScript
lakshya-20
lakshya-20
supply-chain

Decentralised food supply chain to trace products from end to end and provide a smart and reliable way of providing information to the customers.

Score
54
β˜… 90 β‘‚ 40 β€”
JavaScript
lanfuli
lanfuli
aleabito-serenity-skills

Claude/Codex agent skills distilled from @aleabitoreddit (Serenity)'s full public archive β€” track her, analyze like her, anticipate her next focus. Bilingual δΈ­ζ–‡/English.

Score
100
β˜… 88 β‘‚ 17 +6/day
JavaScript
pypa
pypa
gh-action-pip-audit

A GitHub Action for pip-audit

Score
39
β˜… 88 β‘‚ 16 β€”
Python
kpcyrd
kpcyrd
pacman-bintrans

Experimental pacman integration for Reproducible Builds and Binary Transparency (with sigstore/rekor)

Score
4
β˜… 86 β‘‚ 5 β€”
Rust
centrifuge
centrifuge
pod

Go implementation of Centrifuge POD (Private Off-chain Data) node

Score
0
β˜… 80 β‘‚ 35 β€”
Go
oxsecurity
oxsecurity
codetotal

Analyze any snippet, file, or repository to detect possible security flaws such as secret in code, open source vulnerability, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses.

Score
0
β˜… 78 β‘‚ 9 β€”
TypeScript
sigstore
sigstore
gh-action-sigstore-python

A GitHub Action for sigstore-python

Score
32
β˜… 70 β‘‚ 13 β€”
Python
enbochen
enbochen
hyperledger-composer-supply-chain-network

An implementation of Hyperledger Composer to improve transparency and traceability of supply chain

Score
31
β˜… 70 β‘‚ 30 β€”
JavaScript
edoardottt
edoardottt
depsdev

CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.

Score
21
β˜… 67 β‘‚ 8 β€”
Go
twu
twu
skjold

Security audit Python project dependencies against security advisory databases.

Score
7
β˜… 67 β‘‚ 13 β€”
Python
rishav4101
rishav4101
eth-supplychain-dapp

A supply chain management system based on block-chain network.

Score
38
β˜… 66 β‘‚ 40 β€”
JavaScript
Checkmarx
Checkmarx
chainjacking

Find which of your direct GitHub dependencies is susceptible to RepoJacking attacks

Score
25
β˜… 64 β‘‚ 15 +1/day
Python
maximevaillancourt
maximevaillancourt
trace

Supply chain transparency platform proof-of-concept based on the Ethereum blockchain ✍️

Score
46
β˜… 62 β‘‚ 46 β€”
JavaScript
meta-fun
meta-fun
awesome-software-supply-chain-security

Sharing software supply chain security open source projects

Score
33
β˜… 54 β‘‚ 5 β€”
Azure
Azure
blockchain-supply-chain-solution

Umbrella repository for blockchain based supply-chain services and clients

Score
15
β˜… 53 β‘‚ 33 β€”
Shell
ochronasec
ochronasec
ochrona-cli

A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs

Score
0
β˜… 51 β‘‚ 8 β€”
Python
sherwyn11
sherwyn11
Pharma-Chain

A supply chain for the safe distribution of medicines using Blockchain and AI

Score
23
β˜… 50 β‘‚ 34 β€”
JavaScript
HackingLZ
HackingLZ
litellm_1.82.8_payload

Defanged malware stages from the litellm 1.82.8 PyPI supply chain compromise β€” credential stealer, K8s lateral movement, C2 backdoor

Score
14
β˜… 41 β‘‚ 8 β€”
Python
kxxt
kxxt
cargo-visualize

Know your dependencies via interactive cargo dependency graph visualization. An opinionated fork of cargo-depgraph that focuses on interactivity.

Score
0
β˜… 41 β‘‚ 1 β€”
Rust
pc-style
pc-style
supply-chain-guard

Local supply-chain install gate for npm packages and VS Code extensions with Socket, Codex, and PI review support.

Score
50
β˜… 32 β‘‚ 1 β€”
TypeScript
psavelis
psavelis
enterprise-blockchain

TypeScript repository for enterprise blockchain case studies, protocol mappings, and integration patterns.

Score
85
β˜… 30 β‘‚ 1 β€”
TypeScript
ac12644
ac12644
Supply-Chain-Smart-Contract

🌾 Bringing Transparency to the Food Industry: Create a Smart Contract for Your Supply Chain with Solidity πŸš€

Score
62
β˜… 29 β‘‚ 19 β€”
TypeScript
messypoutine
messypoutine
gravy-overflow

A GitHub Actions Supply Chain CTF / Goat

Score
29
β˜… 27 β‘‚ 52 β€”
JavaScript
Related Topics
#security#sbom#golang#blockchain#supply-chain-security#security-tools#solidity#python#go#devsecops#github-actions#ethereum

Β© 2026 GitRepoTrend Β· GitHub repositories by topic Β· Updated weekly