Agentic AI Workflows for Development Chores
Updated May 9, 2024 - Python
Endo is a distributed secure JavaScript sandbox, based on SES
A tool to create, transform and attest VEX metadata
Software Supply Chain Transparency Log
Code-signing for npm packages
Command line interface for the Phylum API
GUAC aggregates software security metadata into a high fidelity graph database.
boostsecurityio/poutine
A GitHub Actions Supply Chain CTF / Goat
Official GitHub Action for OpenSSF Scorecard.
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962
OtterDog is a tool to manage GitHub organizations at scale using a configuration as code approach. It is actively used by the Eclipse Foundation to manage its numerous projects hosted on GitHub.
Security audit Python project dependencies against security advisory databases.
Software Supply Chain Security Platform
Supply Chain Integrity Transparency and Trust ledger application using Confidential Consortium Framework (CCF)
Trusty Dependency Analysis Action
Throw a tag at and it comes back with a checksum.
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
FOSSLight Hub: Integrated management web-service for Open Source Compliance Process