SAP / risk-explorer-for-software-supply-chains
A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and other resources. The taxonomy as well as related safeguards can be explored using an interactive visualization tool.
☆69 · Updated this week
Related projects:
- Home page of project "KB" ☆111 · Updated 2 weeks ago
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas… ☆138 · Updated 6 months ago
- This repository contains a list of papers about software supply chain ☆25 · Updated 3 months ago
- A dataset of software supply chain compromises. Please help us maintain it! ☆126 · Updated 2 years ago
- ☆41 · Updated 2 months ago
- Feed parsing for language package manager updates ☆71 · Updated this week
- A community collection of security reviews of open source software components. ☆92 · Updated 6 months ago
- The Cloud Property Graph is based on a Code Property Graph and tries to connect static code analysis and Cloud runtime assessment. ☆22 · Updated last month
- 🪐 A Database of Existing Security Vulnerabilities Patches to Enable Evaluation of Techniques (single-commit; multi-language) ☆33 · Updated last year
- ☆28 · Updated last year
- Artifact accompanying our ICSE '22 paper "Practical Automated Detection of Malicious npm Packages" ☆35 · Updated 2 years ago
- An open-source dataset of malicious software packages found in the wild, 100% vetted by humans. ☆126 · Updated this week
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,… ☆123 · Updated 7 months ago
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆229 · Updated this week
- A place to systematically store software bill of materials (SBOM) documents. ☆42 · Updated last year
- A fork of the Bandit tool with patterns to identify malicious Python code. ☆16 · Updated 2 years ago
- A reimplementation of LastPyMile: a Python-based library to identify the differences between build artifacts of PyPI packages and the res… ☆15 · Updated 2 years ago
- OSS-Fuzz vulnerabilities for OSV. ☆129 · Updated this week
- Open Source Vulnerability schema. ☆176 · Updated this week
- Scan PyPI for typosquatting ☆36 · Updated last year
- PURL to CPE relationship mapping project. ☆69 · Updated this week
- A compilation of resources in the software supply chain security domain, with emphasis on open source ☆277 · Updated last year
- SecretBench is a dataset consisting of different secret types collected from public open-source repositories. ☆23 · Updated 3 months ago
- Codyze is a static analyzer for Java, C, and C++ based on code property graphs ☆86 · Updated this week
- Atom is a novel intermediate representation for applications and a standalone tool that is powered by chen. ☆46 · Updated 2 weeks ago
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain ☆85 · Updated 7 months ago
- Low-effort reachability analysis for third-party code vulnerabilities. ☆19 · Updated last year
- Analyse package dependency networks at the call graph level ☆90 · Updated 9 months ago
- Evaluation Framework for Dependency Analysis (EFDA) ☆40 · Updated 2 years ago
- Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages ☆115 · Updated last year