DockerCon23 Workshop on Secure Development with Docker
Capstone project assessing the current state of the software supply chain in open-source projects
fafnir-sec is an open-source tool that allows for the complete automation of launching different security tools detecting vulnerabilities in the application's code.
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Software in Cybersecurity
Sample CI/CD pipeline for creating container images with provenance details.
End-to-End Cybersecurity
A CLI tool to analyze the behavior of your dependencies using listen.dev
Repo to demonstrate scanning in different CI/CD tools using ReversingLabs Spectra Assure.
A reimplementation of LastPyMile: A Python-based library to Identify the differences between build artifacts of PyPI packages and the respective source code repository
Jenkins plugin for Xygeni - End to end software development and delivery security
The Sonatype Platform Browser Extension
Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools
Software signing just got easier
Cross-platform embeddable sandboxing
Sharing software supply chain security open source projects
in-toto is a framework to secure the software supply chain.
Repository for the SBOM Harbor.
Enabling Software Supply Chain Security Capabilities in ArgoCD
Command line interface for the Phylum API
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
Add a description, image, and links to the software-supply-chain-security topic page so that developers can more easily learn about it.
To associate your repository with the software-supply-chain-security topic, visit your repo's landing page and select "manage topics."