1,216 results for “topic:supply-chain”
preparing new version
OpenClarity is an open source platform built to enhance security and observability of cloud native applications and infrastructure
GUAC aggregates software security metadata into a high fidelity graph database.
A collection of reference Jupyter notebooks and demo AI/ML applications for enterprise use cases: marketing, pricing, supply chain, smart manufacturing, and more.
🏆Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)
Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
Software Supply Chain Transparency Log
Endo is a distributed secure JavaScript sandbox, based on SES
in-toto is a framework to protect supply chain integrity.
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server
Production-Grade ML System for Automated Unit of Measure Error Detection | 88-92% Accuracy | 94% Autonomy | KNIME Workflow
Go implementation of The Update Framework (TUF)
Packj stops ⚡ SolarWinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
Common go library shared across sigstore services and clients
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
Security & License Compliance For Your App's Dependencies 🪱
Environments for OR and RL Research
Independent verification of binary packages - Reproducible Builds
boostsecurityio/poutine
Software Supply Chain Security Platform
Official GitHub Action for OpenSSF Scorecard.
A Sigstore client written in Python
Supplychainpy is a Python library for supply chain analysis, modelling and simulation. The library assists a workflow that is reliant on Excel and VBA.
A curated list of awesome supply chain blogs, podcasts, standards, projects, and examples.
A code ACL checker for Rust
Easy auditing & sandboxing for your JavaScript dependencies 🪱
Overlay is a browser extension helping developers evaluate open source packages before picking them
Supply chain security for ML