Alternatives and similar repositories for Software-Supply-Chain-Security:

Users that are interested in Software-Supply-Chain-Security are comparing it to the libraries listed below

• CycloneDX / transparency-exchange-api
  A standard API specification for exchanging supply chain artifacts and intelligence
  ☆68Updated last month
• anchore / nvd-data-overrides
  ☆47Updated this week
• latiotech / insecure-kubernetes-deployments
  A full insecure kubernetes application for testing security tools
  ☆64Updated last week
• theparanoids / PrioritizedRiskRemediation
  A Risk-Based Prioritization Taxonomy for prioritizing CVEs (Common Vulnerabilities and Exposures).
  ☆70Updated 8 months ago
• iriusrisk / OpenThreatModel
  The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.
  ☆170Updated 2 months ago
• DataDog / supply-chain-firewall
  A tool for preventing the installation of malicious PyPI and npm packages
  ☆120Updated last month
• ossf / malicious-packages
  A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…
  ☆284Updated this week
• pbom-dev / OSCAR
  A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain
  ☆90Updated last year
• eBay / sbom-scorecard
  Generate a score for your sbom to understand if it will actually be useful.
  ☆224Updated 5 months ago
• CERTCC / SSVC
  Stakeholder-Specific Vulnerability Categorization
  ☆136Updated this week
• snyk / parlay
  Enrich SBOMs with data from third party services
  ☆152Updated this week
• iriusrisk / startleft
  StartLeft is an automation tool for generating Threat Models written in the Open Threat Model (OTM) format from a variety of different so…
  ☆49Updated 2 weeks ago
• CycloneDX / sbom-utility
  Utility that provides an API platform for validating, querying and managing BOM data
  ☆99Updated 2 months ago
• boostsecurityio / lotp
  boostsecurityio/lotp
  ☆111Updated last month
• devops-kung-fu / trustier
  Takes a software bill of materials and outputs provenance, and activity data from trustypkg.dev
  ☆11Updated 3 months ago
• ossf / s2c2f
  The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously…
  ☆195Updated 5 months ago
• DataDog / malicious-software-packages-dataset
  An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
  ☆173Updated this week
• Nextdoor / cspm_evaluation_matrix
  Nextdoor's Cloud Security Posture Management (CSPM) Evaluation Matrix
  ☆59Updated last year
• OWASP / OpenCRE
  ☆91Updated 2 months ago
• CloudDefenseAI / falco_extended_rules
  Curating Falco rules with MITRE ATT&CK Matrix
  ☆77Updated 10 months ago
• anchore / vunnel
  Tool for collecting vulnerability data from various sources (used to build the grype database)
  ☆84Updated this week
• WithSecureLabs / IceKube
  ☆171Updated 2 months ago
• raesene / Cloud-Native-Security-Talks
  ☆21Updated 2 months ago
• bcdannyboy / EnterpriseSASTDASTProductLandscape
  Analysis of the Enterprise SAST/DAST product landscape
  ☆35Updated 11 months ago
• openvex / spec
  OpenVEX Specification
  ☆140Updated 6 months ago
• rusakovichma / TicTaaC
  Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. …
  ☆61Updated 7 months ago
• bureado / awesome-software-supply-chain-security
  A compilation of resources in the software supply chain security domain, with emphasis on open source
  ☆303Updated last year
• RefactorSecurity / vscode-security-notes
  Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝
  ☆132Updated last year
• google / osv-scalibr
  ☆244Updated this week