Throw a tag at it and it comes back with a checksum.
-
Updated
Dec 13, 2025 - Go
#
supply-chain
Here are 42 public repositories matching this topic...
🔴🟡🟢 The Amazing Multipurpose Policy Engine (and L)
-
Updated
Dec 13, 2025 - Go
A tool to create, transform and attest VEX metadata
-
Updated
Dec 12, 2025 - Go
Scan GitHub Actions Workflow logs for IOCs
ioc workflow scanner detection logs supply-chain actions secrets github-actions supply-chain-security supply-chain-attacks changed-files
-
Updated
Dec 12, 2025 - Go
Software Supply Chain Security Platform
-
Updated
Dec 12, 2025 - Go
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
-
Updated
Dec 9, 2025 - Go
Official GitHub Action for OpenSSF Scorecard.
-
Updated
Dec 9, 2025 - Go
CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
go npm security maven nuget pypi supply-chain cargo hacktoberfest dependency-management blue-team supply-chain-management defensive-security golang-module go-module sbom dependency-scanning dependency-security sbom-generator package-security
-
Updated
Dec 9, 2025 - Go
Example goreleaser + github actions config with keyless signing, SBOM generation, and attestations
go golang signing supply-chain software-bill-of-materials syft goreleaser sbom attestations slsa cosign sigstore slsa-provenance
-
Updated
Dec 8, 2025 - Go
Software Supply Chain Transparency Log
-
Updated
Dec 8, 2025 - Go
Signature Transparency Log designed for ease of use, low cost, and minimal maintenance
-
Updated
Dec 8, 2025 - Go
OpenClarity is an open source platform built to enhance security and observability of cloud native applications and infrastructure
kubernetes security cloud virtual-machine scanner malware supply-chain exploits vulnerabilities rootkits leaked-secrets sbom
-
Updated
Dec 8, 2025 - Go
GUAC aggregates software security metadata into a high fidelity graph database.
security graph supply-chain vulnerability vex spdx vulnerability-management software-supply-chain supply-chain-analytics sbom attestations in-toto cyclonedx slsa supply-chain-security supply-chain-visibility software-supply-chain-security spdx-sbom cyclonedx-sbom
-
Updated
Dec 3, 2025 - Go
boostsecurityio/poutine
github cli golang security devops ci supply-chain security-scanner devsecops github-actions supply-chain-security gh-extension
-
Updated
Nov 28, 2025 - Go
Go implementation of The Update Framework (TUF)
-
Updated
Dec 8, 2025 - Go
A lightweight Go library for validating Software Bill of Materials (SBOM) against industry-standard specifications
golang supply-chain bom vex spdx bill-of-materials software-bill-of-materials go-module sbom cyclonedx supply-chain-security spdx-sbom sbom-tool cyclonedx-sbom sbom-tools
-
Updated
Nov 7, 2025 - Go
oshka is a tool for extracting nested CI/CD supply chains and executing commands.
-
Updated
Oct 26, 2025 - Go
GitHub Action for SecureSBOM
-
Updated
Oct 11, 2025 - Go
Programmatically audit GitHub Actions workflow dependencies
-
Updated
Sep 17, 2025 - Go
Improve this page
Add a description, image, and links to the supply-chain topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the supply-chain topic, visit your repo's landing page and select "manage topics."