Supply Chain Security
Tools for securing the software supply chain and dependencies.

Codenotary Trustcenter
Codenotary's Trustcenter ensures the integrity and security of software supply chains in DevOps environments through artifact tracking, SBOM management, and VEX curation.

Syft
A CLI tool and Go library for generating Software Bill of Materials (SBOMs) from container images and filesystems.

Aqua Security Software Supply Chain Security
Aqua Security's Software Supply Chain Security solution provides visibility and protection of the software development and distribution process.

Rekor
A transparency log for the software supply chain.

Anchore Enterprise
A platform for managing software supply chain security and compliance in cloud-native environments.

Fulcio
Sigstore's OIDC PKI.

Chain-bench
A tool for auditing the software supply chain against the CIS Software Supply Chain benchmark, focusing on security and compliance in the SDLC.

Notary V2
A tool for signing and verifying container images to ensure integrity and authenticity in the software supply chain.

SLSA
A framework for ensuring the integrity and security of software supply chains through standardized controls and best practices.

Sigstore
A tool for ensuring the integrity and authenticity of software artifacts in the supply chain.

in-toto
A tool for ensuring the integrity of software supply chains by providing a transparent and verifiable record of all steps performed.

Pyrsia
A decentralized, secure build network and package repository that addresses vulnerabilities in the open-source software supply chain.