Alternatives and similar repositories for Software-Supply-Chain-Security:

Users that are interested in Software-Supply-Chain-Security are comparing it to the libraries listed below

• theparanoids / PrioritizedRiskRemediation
  A Risk-Based Prioritization Taxonomy for prioritizing CVEs (Common Vulnerabilities and Exposures).
  ☆71Updated 10 months ago
• CycloneDX / transparency-exchange-api
  A standard API specification for exchanging supply chain artifacts and intelligence
  ☆73Updated this week
• iriusrisk / OpenThreatModel
  The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.
  ☆171Updated 3 months ago
• DataDog / supply-chain-firewall
  A tool for preventing the installation of malicious PyPI and npm packages
  ☆126Updated this week
• anchore / nvd-data-overrides
  ☆47Updated this week
• latiotech / insecure-kubernetes-deployments
  A full insecure kubernetes application for testing security tools
  ☆68Updated this week
• t0sche / cvss-bt
  Enriching the NVD CVSS scores to include Temporal & Threat Metrics
  ☆106Updated this week
• ossf / malicious-packages
  A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…
  ☆292Updated this week
• pbom-dev / OSCAR
  A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain
  ☆91Updated 2 weeks ago
• CERTCC / SSVC
  Stakeholder-Specific Vulnerability Categorization
  ☆137Updated this week
• interlynk-io / sbomqs
  SBOM quality score - Quality metrics for your sboms
  ☆194Updated last week
• AppThreat / vulnerability-db
  Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers…
  ☆108Updated this week
• eBay / sbom-scorecard
  Generate a score for your sbom to understand if it will actually be useful.
  ☆226Updated 6 months ago
• bureado / awesome-software-supply-chain-security
  A compilation of resources in the software supply chain security domain, with emphasis on open source
  ☆307Updated last year
• CycloneDX / sbom-utility
  Utility that provides an API platform for validating, querying and managing BOM data
  ☆104Updated 3 months ago
• snyk / parlay
  Enrich SBOMs with data from third party services
  ☆159Updated 3 weeks ago
• boostsecurityio / lotp
  boostsecurityio/lotp
  ☆112Updated this week
• ossf / security-reviews
  A community collection of security reviews of open source software components.
  ☆93Updated last year
• DataDog / malicious-software-packages-dataset
  An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
  ☆178Updated this week
• devops-kung-fu / trustier
  Takes a software bill of materials and outputs provenance, and activity data from trustypkg.dev
  ☆11Updated 4 months ago
• meta-fun / awesome-software-supply-chain-security
  Sharing software supply chain security open source projects
  ☆46Updated 2 years ago
• openvex / spec
  OpenVEX Specification
  ☆141Updated 7 months ago
• anchore / vunnel
  Tool for collecting vulnerability data from various sources (used to build the grype database)
  ☆83Updated this week
• ossf / osv-schema
  Open Source Vulnerability schema.
  ☆193Updated this week
• javixeneize / neo4cyclone
  ☆25Updated last year
• blackberry / Falco-bypasses
  Research on various techniques to bypass default falco ruleset (based on falco v0.28.1).
  ☆80Updated last year
• Deploying-Securely / DSRAM
  ☆16Updated last year
• raesene / Cloud-Native-Security-Talks
  ☆21Updated 3 months ago
• klarna-incubator / gram
  Gram is Klarna's own threat model diagramming tool
  ☆319Updated this week