#Supply-chain
Showing 60 of 68 repositories tagged #supply-chain, ranked by stars
GUAC aggregates software security metadata into a high fidelity graph database.
OpenClarity is an open source platform built to enhance security and observability of cloud native applications and infrastructure
A collection of reference Jupyter notebooks and demo AI/ML applications for enterprise use cases: marketing, pricing, supply chain, smart manufacturing, and more.
πOpen Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)
Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
Software Supply Chain Transparency Log
Endo is a distributed secure JavaScript sandbox, based on SES
in-toto is a framework to protect supply chain integrity.
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server
Production-Grade ML System for Automated Unit of Measure Error Detection | 88-92% Accuracy | 94% Autonomy | KNIME Workflow
Go implementation of The Update Framework (TUF)
Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
Common go library shared across sigstore services and clients
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
poutine, a supply chain vulnerability scanner for build pipelines
Security & License Compliance For Your App's Dependencies πͺ±
Software Supply Chain Security Platform
Official GitHub Action for OpenSSF Scorecard.
A CI/CD Red Team Framework for demonstrating Build Pipeline security risks.
A Sigstore client written in Python
A curated list of awesome supply chain blogs, podcasts, standards, projects, and examples.
A code ACL checker for Rust
Supply chain security for ML
A blockchain-based Product Ownership Management System for anti-counterfeits in the Post Supply Chain.
A tool to create, transform and attest VEX metadata
A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.
Code-signing for npm packages
bagel, a CLI that inventories security-relevant metadata on developer workstations
Trusted builds made easy! A cloud-native software factory for building, testing, and releasing trusted software artifacts
β Supply Chain on Hyperledger Fabric
ReARM - Release Governance Platform for the Agentic Era
Tiny filesystem honeypot for macOS. Mounts fake secret files (.env, id_rsa, credentials.json) via WebDAV (no root) or NFS (root) β any access triggers an alert. Zero dependencies, pure Go stdlib.
atom is a novel intermediate representation for applications and a standalone tool that is powered by chen.
This projects keeps track record of any product starting from manufacturer to customer.
Pharmaceutical SupplyChain using Ethereum Blockchain Network.
Decentralised food supply chain to trace products from end to end and provide a smart and reliable way of providing information to the customers.
Claude/Codex agent skills distilled from @aleabitoreddit (Serenity)'s full public archive β track her, analyze like her, anticipate her next focus. Bilingual δΈζ/English.
A GitHub Action for pip-audit
Experimental pacman integration for Reproducible Builds and Binary Transparency (with sigstore/rekor)
Go implementation of Centrifuge POD (Private Off-chain Data) node
Analyze any snippet, file, or repository to detect possible security flaws such as secret in code, open source vulnerability, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses.
A GitHub Action for sigstore-python
An implementation of Hyperledger Composer to improve transparency and traceability of supply chain
CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
Security audit Python project dependencies against security advisory databases.
A supply chain management system based on block-chain network.
Find which of your direct GitHub dependencies is susceptible to RepoJacking attacks
Supply chain transparency platform proof-of-concept based on the Ethereum blockchain βοΈ
Sharing software supply chain security open source projects
Umbrella repository for blockchain based supply-chain services and clients
A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs
A supply chain for the safe distribution of medicines using Blockchain and AI
Defanged malware stages from the litellm 1.82.8 PyPI supply chain compromise β credential stealer, K8s lateral movement, C2 backdoor
Know your dependencies via interactive cargo dependency graph visualization. An opinionated fork of cargo-depgraph that focuses on interactivity.
Local supply-chain install gate for npm packages and VS Code extensions with Socket, Codex, and PI review support.
TypeScript repository for enterprise blockchain case studies, protocol mappings, and integration patterns.
πΎ Bringing Transparency to the Food Industry: Create a Smart Contract for Your Supply Chain with Solidity π
A GitHub Actions Supply Chain CTF / Goat