compare wheel built from git with what's on pypi (Python, updated May 3, 2022)
A site for an IQT R&D initiative on software supply chain security.
Dev tool to aggregate and focus on the changelog relevant to your codebase
This repo accumulates the underlying data and analysis results for assessing the current landscape of open-source and proprietary tools related to Software Bill of Materials (SBOM). We additionally compiled our findings into a comprehensive spreadsheet detailing 86 tools and their use cases.
Capstone project assessing the current state of the software supply chain in open-source projects
An ongoing and curated collection of awesome software best practices and techniques, libraries and frameworks, e-books and videos, websites, blog posts, links to GitHub repositories, technical guidelines and important resources about software in cybersecurity
Sample CI/CD pipeline for creating container images with provenance details.
🗒️ Researching and exploring how to mitigate malicious third-party packages (e.g. npm, pip, rubygems, etc.)
A simple web app software supply chain monitoring toolkit
Software supply chain protection for JavaScript and Python dependencies 🔐
A proof-of-concept SLSA provenance generator for Buildkite.
SLSA level 3 action
A malicious package to demonstrate the importance of software supply chain security.
Sharing software supply chain security open source projects
The ChaordicLedger is the implementation of a design for a combination of Distributed Ledger Technology (DLT) and a Distributed File System (DFS) to create a secure, enterprise-grade platform for storing interlinked project artifacts.
in-toto is a framework to secure the software supply chain.
Prototype Open Source Software Nutrition Labels
Command line interface for the Phylum API
Repository for the SBOM Harbor.
🔐 Shim to easily install OWASP dependency-check-cli into Python projects