Read-only developer endpoint scanner for on-disk package, extension, and developer-tool metadata, built to check exposure to known software supply-chain compromises.
-
Updated
Jun 6, 2026 - Go
#
supply-chain-security
Here are 1,015 public repositories matching this topic...
Capability-based agent runtime with fine-grained policies . Brokering access directly within the agent's operating context, with zero setup and zero latency
security mcp code-execution ai-agents zero-trust ai-security runtime-security supply-chain-security sigstore agent-sandbox prompt-injection llm-security llm-sandbox ai-security-tool agent-security mcp-security ai-agent-security ai-agent-sandbox
-
Updated
Jun 8, 2026 - Rust
Terminal security for developers and AI agents. Intercepts homograph URLs, pipe-to-shell, ANSI injection, obfuscated payloads, data exfiltration, and malicious AI skills/configs before they execute.
shell rust cli security unicode terminal devtools homograph-attack supply-chain-security url-security
-
Updated
Jun 8, 2026 - Rust
Supply-chain Levels for Software Artifacts
-
Updated
Jun 8, 2026 - HTML
safely install npm packages by auditing them pre-install stage
nodejs npm security package-manager security-audit best-practices command-line-tool vulnerabilities appsec vulnerability-scanners security-tools supply-chain-security
-
Updated
Jun 8, 2026 - JavaScript
GUAC aggregates software security metadata into a high fidelity graph database.
security graph supply-chain vulnerability vex spdx vulnerability-management software-supply-chain supply-chain-analytics sbom attestations in-toto cyclonedx slsa supply-chain-security supply-chain-visibility software-supply-chain-security spdx-sbom cyclonedx-sbom
-
Updated
Jun 8, 2026 - Go
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
security-audit containers dependency-analysis vex compliance cve sca vulnerability-scanners security-tools devsecops reachability-analysis sbom cyclonedx supply-chain-security risk-audit dependency-audit
-
Updated
May 27, 2026 - Python
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.
actions hardening security-hardening egress-filtering network-security runners runtime-security github-actions supply-chain-security
-
Updated
May 25, 2026 - TypeScript
Collection of npm package manager Security Best Practices
nodejs npm security awesome best-practices awesome-list vulnerabilities supply-chain-security shai-hulud shai-hulud-detector shai-hulud-attack
-
Updated
May 24, 2026
Protect against malicious open source packages 🤖
golang npm security rubygems static-analysis pypi hacktoberfest devsecops software-composition-analysis policy-as-code supply-chain-security
-
Updated
Jun 5, 2026 - Go
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
python docker open-source tool containers compliance dependencies spdx metadata-extraction risk-management software-composition-analysis oss-compliance sbom supply-chain-security
-
Updated
Mar 12, 2024 - Python
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
github golang security devops gitlab ci security-scanner devsecops supply-chain-security sdlc-security
-
Updated
Mar 28, 2025 - Go
Graphing SBOM's Fast.
-
Updated
Aug 29, 2025 - Go
Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
python npm security rubygems devops security-audit static-analysis pypi malware supply-chain sandboxing developer-tools dynamic-analysis vulnerability malware-analysis devops-tools vulnerability-scanners security-tools devsecops supply-chain-security
-
Updated
Apr 12, 2026 - Python
Local security audit for AI API relays and LLM proxies: detects prompt injection, model substitution, tool-call rewriting, SSE anomalies, error leakage, and Web3 wallet risks.
python cli security-audit api-gateway security-scanner ai-agents claude ai-security supply-chain-security openai-api web3-wallet prompt-injection anthropic llm-security llm-proxy web3-security ai-audit llm-audit model-substitution tool-call-rewriting
-
Updated
Jun 7, 2026 - Python
SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
security open-source-licensing compliance license spdx attestation devsecops ospo oss-compliance sbom in-toto cyclonedx slsa supply-chain-security sbom-distribution slsa-provenance metadata-platform sbom-discovery regulated-industry
-
Updated
Jun 8, 2026 - Go
poutine, a supply chain vulnerability scanner for build pipelines
github cli golang security devops ci supply-chain security-scanner devsecops github-actions supply-chain-security gh-extension
-
Updated
May 26, 2026 - Go
blint is a Binary Linter that checks the security properties and capabilities of your executables. It can also generate a Software Bill-of-Materials (SBOM) for supported binaries.
-
Updated
May 25, 2026 - Python
Independent verification of binary packages - Reproducible Builds
-
Updated
Jun 3, 2026 - Rust
Improve this page
Add a description, image, and links to the supply-chain-security topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the supply-chain-security topic, visit your repo's landing page and select "manage topics."