A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
☆144 · Jan 28, 2024 · Updated 2 years ago
Alternatives and similar repositories for Software-Supply-Chain-Security
Users that are interested in Software-Supply-Chain-Security are comparing it to the libraries listed below.
- A compilation of resources in the software supply chain security domain, with emphasis on open source ☆350 · Mar 14, 2026 · Updated last week
- VFCFinder: Searching for the Missing Vulnerability Fixing Commits ☆29 · Dec 1, 2023 · Updated 2 years ago
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆473 · Updated this week
- A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o… ☆81 · Mar 20, 2026 · Updated last week
- A reading list for software supply-chain security. ☆365 · Nov 21, 2022 · Updated 3 years ago
- An open-source dataset of malicious software packages found in the wild, 100% vetted by humans. ☆316 · Updated this week
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way. ☆33 · Apr 4, 2023 · Updated 2 years ago
- Polar is a secure and scalable knowledge graph framework, designed to address the challenges posed by building big data systems in highly… ☆22 · Updated this week
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆608 · Feb 10, 2026 · Updated last month
- Format agnostic SBOM tooling ☆135 · Nov 20, 2025 · Updated 4 months ago
- Websec interview questions by tib3rius answered ☆308 · Nov 13, 2023 · Updated 2 years ago
- Machine-readable specification for the attestation of security-relevant data. ☆73 · Mar 19, 2026 · Updated last week
- This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs ☆39 · Sep 25, 2024 · Updated last year
- Supply-Chain Firewall (SCFW) is a tool for preventing the installation of malicious npm and PyPI packages ☆224 · Mar 17, 2026 · Updated last week
- Report on quality of SBOM contents ☆25 · Dec 18, 2024 · Updated last year
- in-toto Attestation Framework ☆328 · Mar 18, 2026 · Updated last week
- TACOS framework structural details ☆20 · May 12, 2025 · Updated 10 months ago
- Enrich SBOMs with data from third party services ☆221 · Feb 11, 2026 · Updated last month
- A place to systematically store software bill of materials (SBOM) documents. ☆50 · Jun 1, 2023 · Updated 2 years ago
- Build a CVE library with aggregated CISA, EPSS and CVSS data ☆29 · Sep 27, 2023 · Updated 2 years ago
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021. ☆578 · Feb 12, 2026 · Updated last month
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain ☆98 · Feb 11, 2025 · Updated last year
- A CLI tool for creating secure by design/default source repos. ☆28 · Jul 29, 2024 · Updated last year
- Generate a score for your sbom to understand if it will actually be useful. ☆239 · Aug 13, 2024 · Updated last year
- A mechanism that trampoline hooks functions in x86/x64 systems. ☆21 · Oct 9, 2024 · Updated last year
- EZGHSA is a command-line tool for summarizing and filtering vulnerability alerts on Github repositories. ☆35 · Jan 4, 2026 · Updated 2 months ago
- A collection of dashboards, templates, API's and Power BI code for vulnerability management and analysis ☆23 · Feb 2, 2025 · Updated last year
- My journey and notes on learning Offensive Security from the ground up ☆21 · Dec 22, 2025 · Updated 3 months ago
- Deadline countdowns for academic conferences in Software Engineering ☆75 · Feb 10, 2026 · Updated last month
- This repository complements our paper by offering the training dataset, the best-performing models utilized in our real-world experiment,… ☆21 · Mar 7, 2025 · Updated last year
- Sharing software supply chain security open source projects ☆53 · Dec 19, 2022 · Updated 3 years ago
- A tool to check the security settings of Github Organizations. ☆75 · Feb 9, 2026 · Updated last month
- Official code for the paper entitled "Toward Intelligent and Secure Cloud: Large Language Model Empowered Proactive Defense" ☆16 · Apr 10, 2025 · Updated 11 months ago
- Data about all known supply-chain attacks through history ☆64 · May 28, 2025 · Updated 9 months ago
- The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously… ☆227 · May 26, 2025 · Updated 10 months ago