Alternatives and similar repositories for software-supply-chain-compromises:

Users that are interested in software-supply-chain-compromises are comparing it to the libraries listed below

• SAP / risk-explorer-for-software-supply-chains
  A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…
  ☆74Updated this week
• ossf-cve-benchmark / ossf-cve-benchmark
  The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas…
  ☆142Updated last year
• ossf / package-feeds
  Feed parsing for language package manager updates
  ☆77Updated 3 months ago
• CERTCC / VINCE
  VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordin…
  ☆63Updated this week
• CERTCC / SSVC
  Stakeholder-Specific Vulnerability Categorization
  ☆139Updated this week
• ossf / security-reviews
  A community collection of security reviews of open source software components.
  ☆93Updated last year
• anchore / nvd-data-overrides
  ☆47Updated this week
• ossf / wg-vulnerability-disclosures
  The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…
  ☆186Updated last week
• IQTLabs / pypi-scan
  Scan pypi for typosquatting
  ☆38Updated 2 years ago
• jordan-wright / ossmalware
  ☆93Updated 2 years ago
• DataDog / malicious-software-packages-dataset
  An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
  ☆184Updated last week
• duo-labs / narrow
  Low-effort reachability analysis for third-party code vulnerabilities.
  ☆20Updated last year
• secmerc / materialize-threats
  ☆63Updated 2 years ago
• adamshostack / conflictmodeling
  A place to gather and organize information about using threat modeling frameworks to deal with social conflict in online systems
  ☆56Updated last year
• in-toto / supply-chain-compromises
  ☆22Updated 3 years ago
• ossf / wg-supply-chain-integrity
  Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …
  ☆180Updated last year
• pbom-dev / OSCAR
  A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain
  ☆91Updated last month
• ossf / tac
  Technical Advisory Council
  ☆118Updated last week
• crashappsec / github-analyzer
  A tool to check the security settings of Github Organizations.
  ☆71Updated last year
• openvex / spec
  OpenVEX Specification
  ☆143Updated 8 months ago
• CloudSecurityAlliance / gsd-tools
  Global Security Database Tools
  ☆42Updated last year
• theparanoids / PrioritizedRiskRemediation
  A Risk-Based Prioritization Taxonomy for prioritizing CVEs (Common Vulnerabilities and Exposures).
  ☆73Updated 10 months ago
• OWASP / OpenCRE
  ☆98Updated 3 weeks ago
• chughes757 / SecureSoftwareSupplyChain
  This repo is a consolidation of Secure Software Supply Chain resources, such as talks, whitepapers, conferences and more.
  ☆137Updated 2 years ago
• mllamazares / STRIDE-vs-ASVS
  🖇️ STRIDE vs. ASVS equivalence table
  ☆76Updated 7 months ago
• thought-machine / dracon
  Security scanning & static analysis tool
  ☆94Updated 5 months ago
• mario-platt / ASVS-Agile-Delivery-Guide
  ☆35Updated 3 years ago
• ossf / Project-Security-Metrics
  Collect, curate, and communicate relevant security metrics for open source projects.
  ☆63Updated last year
• duo-labs / appsec-education
  Presentations, training modules, and other education materials from Duo Security's Application Security team.
  ☆73Updated 3 years ago
• dropbox / vsmc
  Vendor Security Model Contract
  ☆98Updated 2 years ago