SmartChain is an open-source solution for supply chain tracking
Updated Jun 2, 2024 - TypeScript
🏆 Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962
Trusty Dependency Analysis Action
boostsecurityio/poutine
Software Supply Chain Security Platform
OriginTrail Decentralized Knowledge Graph network node
GUAC aggregates software security metadata into a high fidelity graph database.
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
Repository Service for TUF: Command Line Interface
in-toto is a framework to protect supply chain integrity.
Throw a tag at and it comes back with a checksum.
The supply chain is the network of production and logistics involved in producing and delivering goods to customers.
Automate code reviews, patching and documentation with LLM workflows.
Endo is a distributed secure JavaScript sandbox, based on SES
Verifiable Credentials for Supply Chain Interoperability Specification for HTTP
A traceability vocabulary for describing relevant Verifiable Credentials and their contents.
Supply chain security for ML