Supply-chain Levels for Software Artifacts
Tern is a software composition analysis tool and Python library that gen...
OWASP dep-scan is a next-generation security and risk audit tool based o...
Detect and remediate misconfigurations and security risks across all you...
Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flag...
Independent verification of binary packages - reproducible builds
Chainloop is an Open Source evidence store for your Software Supply Chai...
JavaScript & Node.js open-source SAST scanner. A static analyser for det...
Catalogue all images of a Kubernetes cluster to multiple targets with Syft
eBPF Python runtime sandbox with seccomp (Blocks RCE).
Small tool to inform you about potential risks in a project's dependency list
SBOM quality score - quality metrics for your SBOMs
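As an added illustration of what an SBOM quality check does (this is example code written for this list, not the scoring logic of the SBOM quality score project or of Tern), the script below parses a constructed CycloneDX-style document and measures how many components carry a version, a package URL, a versioned package URL and license data, plus whether the metadata records a timestamp and the generating tool. The metric names, equal weighting and the 0.9 pass threshold are assumptions chosen for the example; the sample SBOM is constructed inline with deliberate gaps so the gate fails and the remediation list is non-empty.

```python
import json
from typing import Callable, Dict, List, Tuple

# Constructed CycloneDX-style SBOM (hypothetical input, not produced by any
# real tool). Deliberate gaps: urllib3 has no version and an unversioned purl,
# certifi has no purl, idna has no license entry.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {
        "timestamp": "2024-01-01T00:00:00Z",
        "tools": [{"name": "example-generator"}],
    },
    "components": [
        {"name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"name": "urllib3",
         "purl": "pkg:pypi/urllib3",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"name": "certifi", "version": "2023.7.22",
         "licenses": [{"license": {"id": "MPL-2.0"}}]},
        {"name": "idna", "version": "3.4",
         "purl": "pkg:pypi/idna@3.4"},
    ],
})

# Per-component predicates. Metric names are assumed for this example.
COMPONENT_CHECKS: Dict[str, Callable[[dict], bool]] = {
    "component_version": lambda c: bool(c.get("version")),
    "component_purl": lambda c: bool(c.get("purl")),
    # A purl without "@version" cannot be matched precisely to advisories.
    "component_purl_versioned": lambda c: "@" in c.get("purl", ""),
    "component_license": lambda c: bool(c.get("licenses")),
}


def _fraction(components: List[dict], pred: Callable[[dict], bool]) -> float:
    """Share of components satisfying pred; an empty SBOM scores 0."""
    if not components:
        return 0.0
    return sum(1 for c in components if pred(c)) / len(components)


def score_sbom(sbom_json: str) -> Dict[str, float]:
    """Return each metric in [0, 1] plus an equally weighted 'overall'."""
    doc = json.loads(sbom_json)
    comps = doc.get("components", [])
    meta = doc.get("metadata", {})
    scores = {name: _fraction(comps, pred) for name, pred in COMPONENT_CHECKS.items()}
    scores["metadata_timestamp"] = 1.0 if meta.get("timestamp") else 0.0
    scores["metadata_tools"] = 1.0 if meta.get("tools") else 0.0
    # Compute the mean before adding the 'overall' key so it is not self-counted.
    scores["overall"] = sum(scores.values()) / len(scores)
    return scores


def missing_fields(sbom_json: str) -> List[Tuple[str, str]]:
    """(component name, failed metric) pairs, for remediation."""
    doc = json.loads(sbom_json)
    out: List[Tuple[str, str]] = []
    for c in doc.get("components", []):
        for name, pred in COMPONENT_CHECKS.items():
            if not pred(c):
                out.append((c.get("name", "<unnamed>"), name))
    return out


def passes(sbom_json: str, threshold: float = 0.9) -> bool:
    """Quality gate: True when the overall score meets the (assumed) threshold."""
    return score_sbom(sbom_json)["overall"] >= threshold


if __name__ == "__main__":
    for metric, value in score_sbom(SAMPLE_SBOM).items():
        print(f"{metric:28s} {value:.2f}")
    print("gate passed:", passes(SAMPLE_SBOM))
    for component, metric in missing_fields(SAMPLE_SBOM):
        print(f"fix {component}: {metric}")
```

Run it against a real CycloneDX JSON by replacing SAMPLE_SBOM with the file contents; on the constructed sample the overall score is 4.75/6 (about 0.79), so the 0.9 gate fails and five component/metric pairs are listed for remediation.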
List your dependencies capabilities and monitor if updates require more ...
boostsecurityio/lotp
Experimental binary transparency for pacman with sigstore and rekor