Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.
☆33Apr 4, 2023Updated 2 years ago
Alternatives and similar repositories for supply-chain-synthesis
Users that are interested in supply-chain-synthesis are comparing it to the libraries listed below
Sorting:
- An http proxy for reproducibility.☆19Jan 10, 2023Updated 3 years ago
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks☆33Apr 22, 2025Updated 10 months ago
- Supply Chain Query Tool☆13May 25, 2022Updated 3 years ago
- SIG Software Supply Chain☆16Nov 18, 2024Updated last year
- Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools☆19Updated this week
- in-toto Enhancements☆20Feb 17, 2025Updated last year
- ☆26Jun 10, 2025Updated 8 months ago
- Transparenty Immutable Container Image Tags☆20Jul 5, 2023Updated 2 years ago
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆73Updated this week
- Sigstore user stories☆31Aug 25, 2023Updated 2 years ago
- Machine-readable specification for the attestation of security-relevant data.☆72Feb 24, 2026Updated last week
- ☆31Mar 3, 2026Updated last week
- Terraform provider to perform OCI image operations☆15Mar 3, 2026Updated last week
- Keyless Git signing with cosign!☆11May 12, 2022Updated 3 years ago
- SLSA Proposals☆11Jan 29, 2024Updated 2 years ago
- Red team tool that emulates the SolarWinds CI compromise attack vector.☆24Mar 15, 2024Updated last year
- Specification and other related documents.☆50Jan 13, 2025Updated last year
- A specification for signing methods and formats used by Secure Systems Lab projects.☆94Nov 10, 2025Updated 4 months ago
- Go implementation for CNAB content trust verification using TUF, Notary, and in-toto☆31Jul 5, 2023Updated 2 years ago
- Technical Advisory Council☆135Updated this week
- ☆255Mar 2, 2026Updated last week
- Release tooling for KubeBuilder projects.☆20Jul 6, 2025Updated 8 months ago
- A specification including, problem statement, use cases, requirements, and architectural constituents for a Transparency Service in suppo…☆14Feb 17, 2023Updated 3 years ago
- To manage Docker Content Trust and Notary certificates☆13Mar 2, 2026Updated last week
- automatically detect software supply chain smells and issues http://arxiv.org/pdf/2410.16049☆18Mar 1, 2026Updated last week
- Go implementation of The Update Framework heavily influenced by python-tuf☆14Mar 7, 2024Updated 2 years ago
- ☆102Sep 27, 2024Updated last year
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts☆42Feb 28, 2026Updated last week
- Continuous Compliance makes it possible to enforce company policy on repositories. Continuous Compliance will automatically check your re…☆22Nov 24, 2025Updated 3 months ago
- ☆16May 15, 2024Updated last year
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆110Feb 28, 2026Updated last week
- ☆76Dec 10, 2025Updated 2 months ago
- A compilation of resources in the software supply chain security domain, with emphasis on open source☆348Updated this week
- Validate the SPDX SBOM against NTIA, CISA, and other minimum element requirements.☆81Feb 25, 2026Updated last week
- A community collection of security reviews of open source software components.☆97Feb 29, 2024Updated 2 years ago
- Darkfiles finds orphaned files in container images and makes them to bad deeds☆42May 11, 2023Updated 2 years ago
- A reading list for software supply-chain security.☆364Nov 21, 2022Updated 3 years ago
- Format agnostic SBOM tooling☆133Nov 20, 2025Updated 3 months ago
- A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…☆80Feb 28, 2026Updated last week