This project helps reduce walking time in warehouses using a Python tool that simulates picking routes. Users can test strategies like wave picking and clustering on a 2D layout to find the most efficient method.

🚚 Optimize inventory transfers between Canada and the US with advanced forecasting, intelligent recommendations, and professional reporting tools.

Analyses and pins GitHub actions in your workflows.

Deleted & Revived PyPI Package Indexes

A Sigstore client written in Python

A GitHub Action for sigstore-python

Generate X12 856 ASN with hierarchical HL loops + GS1 SSCC-18 labels from JSON/CSV orders. Includes cartonization + CLI + full test suite.

Reliable Energy Analytics LLC Downloads

Operations Research Hackathon, provided by Califrais

Python tool for merging SPDX SBOM files with intelligent deduplication and relationship preservation

Comprehensive detection tool for NPM supply chain attacks, specifically designed to identify and prevent the Shai-Hulud worm and Shai-Hulud 2-0-0 that compromised 1193+ packages including CrowdStrike npm packages in 2025.

Python CLI tool to upload SPDX documents to Cisco Corona platform. Features modular architecture, 90%+ test coverage, Docker support, and GitHub Actions integration.

Python tool to fetch GitHub SBOMs (Software Bill of Materials) for repositories and their dependencies. Automatically discovers, downloads, and analyzes dependency SBOMs with component counting, mapping PyPI/npm packages to GitHub repos. Generates comprehensive reports for security and compliance tracking.

A GitHub Action for pip-audit

Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them

in-toto is a framework to protect supply chain integrity.

Supply chain security for ML

OtterDog is a tool to manage GitHub organizations at scale using a configuration as code approach. It is actively used by the Eclipse Foundation to manage its numerous projects hosted on GitHub.

Check remote repositories for typical red flags like CLAs and risks due to low development activity

Interactive script inventory mapper — discover, document, and organize executable tooling across complex environments.