compare wheel built from git with what's on pypi
Updated May 3, 2022 - Python
Dev tool to aggregate and focus on the changelog relevant to your codebase
A site for an IQT R&D initiative on software supply chain security.
This repo accumulates underlying data and analysis results for assessing the current landscape of open-source and proprietary tools related to Software Bill of Materials (SBOM). We additionally compiled our findings into a comprehensive spreadsheet detailing 86 tools and their use cases.
Sample CI/CD pipeline for creating container images with provenance details.
A proof-of-concept SLSA provenance generator for Buildkite.
Software supply chain protection for JavaScript and Python dependencies 🔐
Prototype Open Source Software Nutrition Labels
🗒️ Researching & exploring how to mitigate malicious 3rd-party packages (e.g. npm, pip, rubygems, etc.)
Capstone project assessing the current state of the software supply chain in open-source projects
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, e-books and videos, websites, blog posts, links to GitHub repositories, technical guidelines and important resources about Software in Cybersecurity
The ChaordicLedger is the implementation of a design for a combination of Distributed Ledger Technology (DLT) and a Distributed File System (DFS) to create a secure, enterprise-grade platform for storing interlinked project artifacts.
A malicious package to demonstrate the importance of software supply chain security.
SLSA level 3 action
A simple web app software supply chain monitoring toolkit
Repository for the SBOM Harbor.
Sharing software supply chain security open source projects
GitHub Action implementation of SLSA Provenance Generation
🔐 Shim to easily install OWASP dependency-check-cli into Python projects