An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Updated Mar 19, 2023 - Go
A compilation of resources in the software supply chain security domain, with emphasis on open source
Enabling Software Supply Chain Security Capabilities in ArgoCD
Cross-platform embeddable sandboxing
Command line interface for the Phylum API
Sharing software supply chain security open source projects
An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
Software signing just got easier
A reimplementation of LastPyMile: a Python-based library to identify the differences between build artifacts of PyPI packages and the respective source code repository
The Software Supply Chain Attribute Integrity, or SCAI (pronounced "sky"), specification proposes a data format for capturing functional attribute and integrity information about software artifacts and their supply chain.
An ongoing and curated collection of awesome software best practices and techniques, libraries and frameworks, e-books and videos, websites, blog posts, links to GitHub repositories, technical guidelines and important resources about software in cybersecurity
A CLI tool to analyze the behavior of your dependencies using listen.dev
in-toto is a framework to secure the software supply chain.
Sample CI/CD pipeline for creating container images with provenance details.
End-to-End Cybersecurity
Capstone project assessing the current state of the software supply chain in open-source projects