TUF client CLI written in Go based on the rdimitrov/go-tuf-metadata library.
-
Updated
Jan 13, 2025 - Go
#
supply-chain
Here are 42 public repositories matching this topic...
Digital Container Shipping Association (DCSA) API's
-
Updated
Jul 24, 2025 - Go
security security-audit supply-chain dev dependencies osv security-tools devsecops vulnerability-scanning sbom scan-deps osv-dev
-
Updated
Sep 10, 2022 - Go
A research study on the adoption of blockchain for IoT devices in supply chains, published in Computational Intelligence and Neuroscience (2022). This study explores the integration of blockchain and IoT, proposing a modified RAFT consensus protocol (mRAFT) to enhance scalability and efficiency in Hyperledger based supply chain environments.
-
Updated
Mar 7, 2025 - Go
Kubernetes Custom Controller + Admission Webhook for CVE Scan (In Progress)
-
Updated
Oct 27, 2025 - Go
Programmatically audit GitHub Actions workflow dependencies
-
Updated
Sep 17, 2025 - Go
-
Updated
Sep 4, 2025 - Go
A lightweight Go library for validating Software Bill of Materials (SBOM) against industry-standard specifications
golang supply-chain bom vex spdx bill-of-materials software-bill-of-materials go-module sbom cyclonedx supply-chain-security spdx-sbom sbom-tool cyclonedx-sbom sbom-tools
-
Updated
Nov 7, 2025 - Go
WeeTracky is a Go-based backend designed to manage the supply chain for small manufacturing businesses, particularly in the jewelry production sector. The application provides features to track products, materials, suppliers, and certifications, offering a comprehensive view of the supply chain.
-
Updated
Jan 30, 2024 - Go
A comprehensive software artifact scanning and analysis tool for Docker images and filesystems.
-
Updated
Jul 7, 2025 - Go
ghavm manages version pinning and upgrades for GitHub Actions workflows.
-
Updated
Jul 30, 2025 - Go
Malicious-PAckageFinder (m-paf) is a command-line tool that detects malicious and risky packages in your software supply chain using SBOM files.
-
Updated
Jan 4, 2025 - Go
GitHub Action for SecureSBOM
-
Updated
Oct 11, 2025 - Go
oshka is a tool for extracting nested CI/CD supply chains and executing commands.
-
Updated
Oct 26, 2025 - Go
fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool's strength.
-
Updated
Oct 24, 2022 - Go
Trusty Dependency Risk Action
-
Updated
Feb 12, 2025 - Go
Typosquatting tool that supports OSINT investigations, and designed to operate on multilingual target domains.
url dns osint scanner domain supply-chain phishing fuzzing typosquatting intelligence-gathering threat-intelligence idn hijacking brandjacking homoglyph cybersecuirty
-
Updated
May 15, 2025 - Go
-
Updated
Sep 4, 2025 - Go
Scan GitHub Actions Workflow logs for IOCs
ioc workflow scanner detection logs supply-chain actions secrets github-actions supply-chain-security supply-chain-attacks changed-files
-
Updated
Dec 12, 2025 - Go
Improve this page
Add a description, image, and links to the supply-chain topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the supply-chain topic, visit your repo's landing page and select "manage topics."