Aggregate view of all dependabot findings
-
Updated
Apr 23, 2023 - Go
#
supply-chain-security
Here are 42 public repositories matching this topic...
🛠️📊🤖 Fake GitHub Activity Generator
-
Updated
May 5, 2024 - Go
The Cartographer CLI offers a convenient way to manage a Cartographer installation and related workflows.
-
Updated
Apr 5, 2024 - Go
An example of something terrible in plain sight
-
Updated
Sep 17, 2025 - Go
Malicious-PAckageFinder (m-paf) is a command-line tool that detects malicious and risky packages in your software supply chain using SBOM files.
-
Updated
Jan 4, 2025 - Go
Go dependencies parser and formatter
-
Updated
Jul 20, 2025 - Go
Security wrapper for package managers using a local MITM proxy and the OSSF malicious-packages DB to block malware before install.
-
Updated
Nov 20, 2025 - Go
Scan for vulnerabilities and trace their usage in your source code
docker golang static-analysis devsecops vulnerability-scanning github-action dependency-scanning trivy open-source-security supply-chain-security go-security ast-grep secure-ci
-
Updated
Sep 13, 2025 - Go
Static analysis tool to Identify and Fix GitHub Actions prone to Supply‑Chain Risks
github go golang security ci-cd cybersecurity security-tools devsecops github-actions supply-chain-security
-
Updated
Jun 29, 2025 - Go
Go API client for osv.dev
-
Updated
Jan 7, 2024 - Go
A lightweight Go library for validating Software Bill of Materials (SBOM) against industry-standard specifications
golang supply-chain bom vex spdx bill-of-materials software-bill-of-materials go-module sbom cyclonedx supply-chain-security spdx-sbom sbom-tool cyclonedx-sbom sbom-tools
-
Updated
Dec 17, 2025 - Go
-
Updated
Mar 1, 2023 - Go
A pure client side Bitbucket Pipe containing a collection of open source tools to perform various types of additional analysis on a CycloneDX or SPDX sBOM (Software Bill of Materials).
oss bitbucket cicd bitbucket-pipelines sbom cyclonedx open-source-security supply-chain-security bitbucket-pipes
-
Updated
Jan 31, 2025 - Go
The lockfile for the agentic web: snapshot and sign MCP server capabilities (Ed25519 or Sigstore), detect drift, enforce CEL policy.
cli golang cryptography mcp ed25519 devsecops cel policy-as-code supply-chain-security model-context-protocol agent-security deterministic-builds
-
Updated
Dec 17, 2025 - Go
Pin your 3rd Party Github Actions and Docker Images dependencies.
-
Updated
Mar 15, 2025 - Go
Sample Go application project with supply chain security workflows conforms to the SLSA Build Level 3 specification
-
Updated
Dec 15, 2025 - Go
SBOM Move - Automate build and transfer of SBOMs across systems
go golang security-tools devsecops sbom cyclonedx devsecops-pipeline supply-chain-security sbom-examples sbom-tool sbom-move
-
Updated
Dec 8, 2025 - Go
Improve this page
Add a description, image, and links to the supply-chain-security topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the supply-chain-security topic, visit your repo's landing page and select "manage topics."