compare wheel built from git with what's on pypi
Updated May 3, 2022 - Python
A site for an IQT R&D initiative on software supply chain security.
Dev tool to aggregate and focus on the changelog relevant to your codebase
This repo accumulates underlying data and analysis results for assessing the current landscape of open-source and proprietary tools related to Software Bill of Materials (SBOM). We additionally compiled our findings into a comprehensive spreadsheet detailing 86 tools and their use cases.
Sample CI/CD pipeline for creating container images with provenance details.
A proof-of-concept SLSA provenance generator for Buildkite.
🗒️ Researching & exploring how to mitigate malicious 3rd-party packages (e.g. npm, pip, rubygems ...etc)
software supply chain protection for javascript and python dependencies 🔐
Prototype Open Source Software Nutrition Labels
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, e-books and videos, websites, blog posts, links to GitHub repositories, technical guidelines and important resources about software in cybersecurity
Capstone project assessing the current state of the software supply chain in open-source projects
The ChaordicLedger is the implementation of a design for a combination of Distributed Ledger Technology (DLT) and a Distributed File System (DFS) to create a secure, enterprise-grade platform for storing interlinked project artifacts.
A malicious package to demonstrate the importance of software supply chain security.
SLSA level 3 action
A simple web app software supply chain monitoring toolkit
Repository for the SBOM Harbor.
Sharing software supply chain security open source projects
GitHub Action implementation of SLSA Provenance Generation
🔐 Shim to easily install OWASP dependency-check-cli into Python projects