Supply Chain Security
Tools for securing the software supply chain and dependencies.
Syft
A CLI tool and Go library for generating Software Bill of Materials (SBOMs) from container images and filesystems.
Rekor
Sigstore's transparency log for recording software supply chain metadata (signatures and attestations) in a tamper-evident, append-only ledger.
Fulcio
Sigstore's OIDC-based PKI, a certificate authority that binds signing keys to OIDC identities.
Chain-bench
A tool for auditing the software supply chain against the CIS Software Supply Chain benchmark, focusing on security and compliance in the SDLC.
Notary V2
A tool for signing and verifying container images to ensure integrity and authenticity in the software supply chain.
SLSA
A framework for ensuring the integrity and security of software supply chains through standardized controls and best practices.
Sigstore
A project and set of tools for signing, verifying, and recording software artifacts to ensure their integrity and authenticity in the supply chain.
in-toto
A tool for ensuring the integrity of software supply chains by providing a transparent and verifiable record of all steps performed.
Codenotary Trustcenter
Codenotary's Trustcenter ensures the integrity and security of software supply chains in DevOps environments through artifact tracking, SBOM management, and VEX curation.
Pyrsia
A decentralized, secure build network and package repository that addresses vulnerabilities in the open-source software supply chain.
Aqua Security Software Supply Chain Security
Aqua Security's Software Supply Chain Security solution provides visibility into, and protection of, the software development and distribution process.
Dependency-Track
A platform for managing risk in the software supply chain by leveraging Software Bill of Materials (SBOM) analysis.