AevaOnline / supply-chain-synthesisView external linksLinks
Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.
☆33Apr 4, 2023Updated 2 years ago
Alternatives and similar repositories for supply-chain-synthesis
Users that are interested in supply-chain-synthesis are comparing it to the libraries listed below
Sorting:
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks☆33Apr 22, 2025Updated 9 months ago
- An http proxy for reproducibility.☆19Jan 10, 2023Updated 3 years ago
- Supply Chain Query Tool☆13May 25, 2022Updated 3 years ago
- SIG Software Supply Chain☆16Nov 18, 2024Updated last year
- Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools☆19Feb 6, 2026Updated last week
- in-toto Enhancements☆19Feb 17, 2025Updated last year
- Transparenty Immutable Container Image Tags☆20Jul 5, 2023Updated 2 years ago
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆72Feb 10, 2026Updated last week
- Sigstore user stories☆30Aug 25, 2023Updated 2 years ago
- Machine-readable specification for the attestation of security-relevant data.☆72Feb 2, 2026Updated 2 weeks ago
- ☆31Feb 10, 2026Updated last week
- Terraform provider to perform OCI image operations☆15Feb 10, 2026Updated last week
- SLSA Proposals☆11Jan 29, 2024Updated 2 years ago
- Keyless Git signing with cosign!☆11May 12, 2022Updated 3 years ago
- Red team tool that emulates the SolarWinds CI compromise attack vector.☆24Mar 15, 2024Updated last year
- Specification and other related documents.☆49Jan 13, 2025Updated last year
- A specification for signing methods and formats used by Secure Systems Lab projects.☆94Nov 10, 2025Updated 3 months ago
- Go implementation for CNAB content trust verification using TUF, Notary, and in-toto☆31Jul 5, 2023Updated 2 years ago
- Technical Advisory Council☆134Feb 9, 2026Updated last week
- ☆255Updated this week
- The model for the information captured in SPDX version 3 standard.☆97Updated this week
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts☆42Feb 4, 2026Updated last week
- Release tooling for KubeBuilder projects.☆20Jul 6, 2025Updated 7 months ago
- A specification including, problem statement, use cases, requirements, and architectural constituents for a Transparency Service in suppo…☆14Feb 17, 2023Updated 3 years ago
- To manage Docker Content Trust and Notary certificates☆13Updated this week
- Go implementation of The Update Framework heavily influenced by python-tuf☆14Mar 7, 2024Updated last year
- ☆102Sep 27, 2024Updated last year
- Continuous Compliance makes it possible to enforce company policy on repositories. Continuous Compliance will automatically check your re…☆22Nov 24, 2025Updated 2 months ago
- Security advisory data for Wolfi☆20Jan 7, 2026Updated last month
- ☆16May 15, 2024Updated last year
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆110Updated this week
- ☆75Dec 10, 2025Updated 2 months ago
- A compilation of resources in the software supply chain security domain, with emphasis on open source☆345Feb 7, 2026Updated last week
- A curated list of awesome CNAB (Cloud Native Applications Bundles) | https://cnab.io/☆16Dec 17, 2020Updated 5 years ago
- Validate the SPDX SBOM against NTIA, CISA, and other minimum element requirements.☆79Feb 6, 2026Updated last week
- A community collection of security reviews of open source software components.☆96Feb 29, 2024Updated last year
- Darkfiles finds orphaned files in container images and makes them to bad deeds☆42May 11, 2023Updated 2 years ago
- Format agnostic SBOM tooling☆131Nov 20, 2025Updated 2 months ago
- A reading list for software supply-chain security.☆366Nov 21, 2022Updated 3 years ago