Supply Chain Security
Tools for securing the software supply chain and dependencies.
Tools
Codenotary Trustcenter
Codenotary's Trustcenter ensures the integrity and security of software supply chains in DevOps environments through artifact tracking, SBOM management, and VEX curation.
Syft
A CLI tool and Go library for generating Software Bill of Materials (SBOMs) from container images and filesystems.
Aqua Security Software Supply Chain Security
Aqua Security's Software Supply Chain Security solution provides visibility and protection of the software development and distribution process.
Rekor
Software Supply Chain Transparency Log
Anchore Enterprise
A platform for managing software supply chain security and compliance in cloud-native environments.
Fulcio
Sigstore OIDC PKI
Chain-bench
A tool for auditing the software supply chain against the CIS Software Supply Chain benchmark, focusing on security and compliance in the SDLC.
Notary V2
A tool for signing and verifying container images to ensure integrity and authenticity in the software supply chain.
SLSA
A framework for ensuring the integrity and security of software supply chains through standardized controls and best practices.
Sigstore
A tool for ensuring the integrity and authenticity of software artifacts in the supply chain.
in-toto
A tool for ensuring the integrity of software supply chains by providing a transparent and verifiable record of all steps performed.
Pyrsia
A decentralized, secure build network and package repository that addresses vulnerabilities in the open-source software supply chain.