OpenClarity is an open source platform built to enhance security and observability of cloud native applications and infrastructure
Updated
Jul 28, 2025 - Go
GUAC aggregates software security metadata into a high fidelity graph database.
Software Supply Chain Transparency Log
Go implementation of The Update Framework (TUF)
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
Software Supply Chain Security Platform
Official GitHub Action for OpenSSF Scorecard.
boostsecurityio/poutine
A tool to create, transform and attest VEX metadata
Throw a tag at it and it comes back with a checksum.
Go implementation of Centrifuge POD (Private Off-chain Data) node
Example goreleaser + github actions config with keyless signing, SBOM generation, and attestations
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
fatbom (Fat Bill Of Materials) is a tool which combines the SBOMs generated by various tools into one fat SBOM, thus leveraging each tool's strengths.
Signature Transparency Log designed for ease of use, low cost, and minimal maintenance
Typosquatting tool that supports OSINT investigations, and designed to operate on multilingual target domains.
Scan GitHub Actions Workflow logs for IOCs