A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
☆146 · Jan 28, 2024 · Updated 2 years ago
Alternatives and similar repositories for Software-Supply-Chain-Security
Users that are interested in Software-Supply-Chain-Security are comparing it to the libraries listed below.
- A compilation of resources in the software supply chain security domain, with emphasis on open source ☆354 · Apr 3, 2026 · Updated 2 weeks ago
- ☆18 · Jul 30, 2024 · Updated last year
- ☆14 · Apr 24, 2023 · Updated 2 years ago
- VFCFinder: Searching for the Missing Vulnerability Fixing Commits ☆30 · Dec 1, 2023 · Updated 2 years ago
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆491 · Updated this week
- A reading list for software supply-chain security. ☆365 · Nov 21, 2022 · Updated 3 years ago
- An open-source dataset of malicious software packages found in the wild, 100% vetted by humans. ☆333 · Updated this week
- ☆116 · Feb 11, 2026 · Updated 2 months ago
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way. ☆33 · Apr 4, 2023 · Updated 3 years ago
- Polar is a secure and scalable knowledge graph framework, designed to address the challenges posed by building big data systems in highly… ☆22 · Updated this week
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆608 · Feb 10, 2026 · Updated 2 months ago
- Format agnostic SBOM tooling ☆137 · Nov 20, 2025 · Updated 4 months ago
- Websec interview questions by tib3rius answered ☆308 · Nov 13, 2023 · Updated 2 years ago
- Machine-readable specification for the attestation of security-relevant data. ☆73 · Apr 8, 2026 · Updated last week
- This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs ☆39 · Sep 25, 2024 · Updated last year
- Report on quality of SBOM contents ☆25 · Dec 18, 2024 · Updated last year
- Supply-Chain Firewall (SCFW) is a tool for preventing the installation of malicious npm and PyPI packages ☆261 · Apr 9, 2026 · Updated last week
- in-toto Attestation Framework ☆328 · Apr 6, 2026 · Updated last week
- TACOS framework structural details ☆20 · May 12, 2025 · Updated 11 months ago
- Enrich SBOMs with data from third party services ☆224 · Apr 9, 2026 · Updated last week
- An Architecture for Trustworthy Digital Supply Chain Transparency Services ☆18 · Oct 19, 2025 · Updated 5 months ago
- Build a CVE library with aggregated CISA, EPSS and CVSS data ☆29 · Sep 27, 2023 · Updated 2 years ago
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021. ☆581 · Feb 12, 2026 · Updated 2 months ago
- ☆189 · Mar 2, 2026 · Updated last month
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain ☆98 · Feb 11, 2025 · Updated last year
- A CLI tool for creating secure by design/default source repos. ☆28 · Jul 29, 2024 · Updated last year
- Generate a score for your SBOM to understand if it will actually be useful. ☆241 · Aug 13, 2024 · Updated last year
- A mechanism that trampoline hooks functions in x86/x64 systems. ☆21 · Oct 9, 2024 · Updated last year
- EZGHSA is a command-line tool for summarizing and filtering vulnerability alerts on GitHub repositories. ☆36 · Jan 4, 2026 · Updated 3 months ago
- A collection of dashboards, templates, APIs and Power BI code for vulnerability management and analysis ☆23 · Feb 2, 2025 · Updated last year
- This repository complements our paper by offering the training dataset, the best-performing models utilized in our real-world experiment,… ☆22 · Mar 7, 2025 · Updated last year
- A tool to check the security settings of GitHub Organizations. ☆75 · Feb 9, 2026 · Updated 2 months ago
- Official code for the paper entitled "Toward Intelligent and Secure Cloud: Large Language Model Empowered Proactive Defense" ☆16 · Apr 10, 2025 · Updated last year
- Data about all known supply-chain attacks through history ☆65 · May 28, 2025 · Updated 10 months ago
- Sharing software supply chain security open source projects ☆54 · Dec 19, 2022 · Updated 3 years ago
- The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously… ☆229 · May 26, 2025 · Updated 10 months ago
- A tool that takes two or more micro SBOMs and composes them into one distributable SBOM ☆23 · Mar 23, 2023 · Updated 3 years ago
- Supply Chain Query Tool ☆13 · May 25, 2022 · Updated 3 years ago
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU) vulnerabilities ☆38 · Jan 25, 2026 · Updated 2 months ago