AI SBOM: AI Software Bill of Materials - The Supply Chain for Artificial Intelligence
Updated Dec 18, 2025 - Python
🔒 Prevent secrets and tokens from reaching your repository with PP-SecCommit, a simple Git hook that ensures secure commits on your local machine.
Deleted & Revived PyPI Package Indexes
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detect malicious Python packages, or check conformance to frameworks, such as SLSA. Documentation:
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
Hermeto is a CLI tool that prefetches your project dependencies to aid in making your container build process hermetic.
A CLI tool that scans dependencies for vulnerabilities and flags potentially compromised dependencies (supply chain security).
🔍 Shellockolm - Your Security Detective for React, Next.js & npm. Detects CVE-2025-55182, CVE-2025-66478, malware, and supply chain attacks. Elementary security for complex codebases!
CI/CD Pipeline Security Audit Lab - Hands-on exercise for Software and Data Integrity Failures (OWASP A08:2021). Part of Dibimbing.id cybersecurity bootcamp.
PatchHound is an open source SBOM vulnerability scanner and report generator with image signing, verification, and automated alerts for secure software supply chains.
ReversingLabs rl-scanner Docker image
NPM malware detection: A hands-on guide to spotting and stopping supply-chain attacks using real-world scanning scripts and IOC analysis.
Production-ready template demonstrating supply chain security, SLSA provenance, and multi-platform distribution for Python CLIs
Follow the link for docs
blint is a Binary Linter that checks the security properties and capabilities of your executables. It can also generate a Software Bill-of-Materials (SBOM) for supported binaries.
Universal Prompt Security Standard (UPSS): A framework for externalizing, securing, and managing LLM prompts and genAI systems, inspired by and extending OWASP OPSS concepts for any organization or project.
SRC2PURL - Source Code to Package URL
GitHub Actions security scanner powered by OpenSSF Scorecard. Scan repositories, organizations, and user accounts for workflow vulnerabilities. Generate beautiful HTML, JSON, CSV, and Markdown reports with risk scoring and actionable insights.
A comprehensive security scanner for GitHub Actions workflows, providing deep supply chain analysis to detect vulnerabilities, misconfigurations, and compliance issues in your CI/CD pipelines.