Awesome Open Source

Programming Languages

Search results for sbom supply chain security

supply-chain-security x

15 search results found

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

Dep Scan ⭐ 673

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

Chainloop ⭐ 225

Chainloop is an open source software supply chain control plane, a single source of truth for artifacts plus a declarative attestation crafting process.

Sbom Operator ⭐ 173

Catalogue all images of a Kubernetes cluster to multiple targets with Syft

Awesome Software Supply Chain Security ⭐ 165

A compilation of resources in the software supply chain security domain, with emphasis on open source

SBOM quality score - Quality metrics for your sboms

Software Supply Chain Security ⭐ 102

A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.

Macaron is an extensible supply chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks or check conformance to frameworks, such as SLSA.

Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance

Codetotal ⭐ 27

Analyze any snippet, file, or repository to detect possible security flaws such as secret in code, open source vulnerability, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses.

Awesome Software Supply Chain Security ⭐ 20

Sharing software supply chain security open source projects

Securechain Java ⭐ 17

TuxCare SecureChain enhances Java supply chain security through vetted libraries, vulnerability fixes, and extended support. Ideal for enterprise-level compliance and secure development.

Hoppr Cop ⭐ 10

Hoppr Cop is a cli and python library that generates high quality vulnerability information from a cyclone-dx Software Bill of Materials (SBOM) by aggregating data from multiple vulnerability databases. This project is a mirror from gitlab

Guac Ai Mole ⭐ 8

🥑 Charting the Course for Secure Software Supply Chain

Software Supply Chain Security Java ⭐ 7

This repo contains the technology stack and its usage for software supply chain security of a Java application

Related Searches

Sbom Software Bill Of Materials (56)

Sbom Cyclonedx (51)

Python Sbom (22)

Golang Sbom (19)

Golang Supply Chain Security (12)

Devsecops Sbom (11)

Supply Chain Sbom (11)

1-15 of 15 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2024 Awesome Open Source. All rights reserved.