Alternatives and similar repositories for software-supply-chain-compromises

Users that are interested in software-supply-chain-compromises are comparing it to the libraries listed below

• ossf / package-feeds
  Feed parsing for language package manager updates
  ☆79Updated 6 months ago
• ossf-cve-benchmark / ossf-cve-benchmark
  The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas…
  ☆145Updated last year
• SAP / risk-explorer-for-software-supply-chains
  A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…
  ☆75Updated last month
• ossf / security-reviews
  A community collection of security reviews of open source software components.
  ☆95Updated last year
• CERTCC / SSVC
  Stakeholder-Specific Vulnerability Categorization
  ☆153Updated this week
• IQTLabs / pypi-scan
  Scan pypi for typosquatting
  ☆36Updated 2 years ago
• duo-labs / narrow
  Low-effort reachability analysis for third-party code vulnerabilities.
  ☆20Updated last year
• ossf / malicious-packages
  A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…
  ☆314Updated this week
• ossf / wg-vulnerability-disclosures
  The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…
  ☆191Updated 2 months ago
• secmerc / materialize-threats
  ☆63Updated 2 years ago
• anchore / nvd-data-overrides
  ☆47Updated this week
• pbom-dev / OSCAR
  A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain
  ☆96Updated 4 months ago
• in-toto / supply-chain-compromises
  ☆22Updated 3 years ago
• trailofbits / it-depends
  A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie…
  ☆364Updated 6 months ago
• DataDog / malicious-software-packages-dataset
  An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
  ☆211Updated this week
• iriusrisk / OpenThreatModel
  The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.
  ☆172Updated 7 months ago
• CERTCC / VINCE
  VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordin…
  ☆70Updated this week
• OWASP / Software-Component-Verification-Standard
  Software Component Verification Standard (SCVS)
  ☆147Updated 2 months ago
• ossf / wg-supply-chain-integrity
  Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …
  ☆184Updated last year
• ossf / osv-schema
  Open Source Vulnerability schema.
  ☆202Updated 3 weeks ago
• chughes757 / SecureSoftwareSupplyChain
  This repo is a consolidation of Secure Software Supply Chain resources, such as talks, whitepapers, conferences and more.
  ☆139Updated 2 years ago
• crashappsec / github-analyzer
  A tool to check the security settings of Github Organizations.
  ☆71Updated 2 years ago
• adamshostack / conflictmodeling
  A place to gather and organize information about using threat modeling frameworks to deal with social conflict in online systems
  ☆56Updated this week
• jordan-wright / ossmalware
  ☆93Updated 2 years ago
• Deploying-Securely / DSRAM
  ☆16Updated 2 years ago
• mllamazares / STRIDE-vs-ASVS
  🖇️ STRIDE vs. ASVS equivalence table
  ☆76Updated 10 months ago
• ossf / tac
  Technical Advisory Council
  ☆125Updated last week
• adamshostack / DFD3
  ☆80Updated 8 months ago
• chainguard-dev / bom-shelter
  A place to systematically store software bill of materials (SBOM) documents.
  ☆46Updated 2 years ago
• jgamblin / cve.icu
  CVE.ICU code.
  ☆42Updated this week