Supply Chain Security does not need to be difficult

The Cartographer CLI offers a convenient way to manage a Cartographer installation and related workflows.

A python application to add hashes to your requirements.txt

Materials for the talk "How to automate dependency updates with the Roche Renovate bot"

Check CVSS v3.1 and EPSS scores for a given CVE ID and whether its in CISA KEV catalog

Democratizing the monitoring of open-source software supply chains

GitVerify is a tool designed to analyze GitHub repositories and provide insights into their trustworthiness. It gathers data from the GitHub API and, optionally, performs VirusTotal checks on associated domains, then presents the results in a concise manner. Supported output formats include: text, json, csv.

New Android supply chain attack surface

A paper on supply chain security in software development for Uni.

boostsecurityio/supply-chain-research

Kubernetes operator for the OSS Review Toolkit

cargo-crev to cargo-vet code review exporter

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Secure Software Supply Chain Lifecycle in Cybersecurity.

GitHub Action to analyze Pull Requests for open-source supply chain issues

git hooks to prevent committing vulnerable dependencies

Developed a system that keeps track of the product quality and other factors throughout the supply chain by using Blockchain technology

Utility to test reproducibility of crates from Cargo.lock

A simple CircleCI orb used to install Cosign and sign container images

Integrate OpenSCA-cli into your GitHub Action to assess the supply chain risks associated with your application.

Samples showing how to secure the supply chain for Java applications.