supply-chain-security
Here are 102 public repositories matching this topic...
🚀 DevSecOps intro elective — 10 hands-on labs + 2 bonus hardening OWASP Juice Shop: threat modeling (STRIDE/Threagile), signed commits & secret scanning, SBOM/SCA, SAST + DAST, IaC security (Checkov/KICS), container & supply-chain hardening (Trivy, Cosign), runtime detection with Falco, and DefectDojo vuln management.
-
Updated
Jun 30, 2026 - Shell
credit score for context
-
Updated
Mar 31, 2026 - Shell
Hands-off supply-chain watchdog for dev machines: orchestrates multiple security scanners (Perplexity bumblebee + osv-scanner, govulncheck, NVIDIA SkillSpector) into one daily verdict — via Claude/Slack, desktop notification, or plain CLI.
-
Updated
Jul 8, 2026 - Shell
Dependency safety gate for Claude Code & Codex CLI — OSV pre-approval, npm lockfile-closure enforcement, and auto-rollback. Local, zero runtime deps.
-
Updated
Jul 11, 2026 - Shell
Read-only supply-chain scanning for Hermes Agent, powered by Perplexity's Bumblebee. Daily scans, Telegram alerts, JARVIS narration.
-
Updated
May 24, 2026 - Shell
CI/CD supply chain hardening plugin for Claude Code, designed for Rust projects
-
Updated
Mar 22, 2026 - Shell
Security skills for AI coding agents — incident response for supply chain attacks, credential rotation, IOC detection. Works with Claude Code, Codex, Cursor, or as standalone scripts and runbooks.
-
Updated
Apr 1, 2026 - Shell
BomLens — a local-first SBOM generator & open-source risk assessor (CycloneDX). Produce an SBOM, an open-source notice, and a security/license risk report from source code, containers, binaries, firmware, or an SBOM you received. CLI or web UI, no SaaS.
-
Updated
Jul 15, 2026 - Shell
Tiny offline Codex auth.json snapshot switcher for multiple ChatGPT accounts. Zero dependencies, no network.
-
Updated
Jul 5, 2026 - Shell
Security-hardened GitHub repository template, designed to prevent supply-chain attacks. Includes vulnerability scanning and AI agent skills.
-
Updated
Jul 1, 2026 - Shell
AWS CLI v2 + kubectl on Ubuntu 24.04. Multi-arch, cosign-signed, SBOM + SLSA attested. Non-root by default. 725K+ pulls.
-
Updated
Jul 13, 2026 - Shell
Convert any DevOps Pipeline into 8-gate DevSecOps Pipeline with just 10 lines of YAML code - secrets, SAST, SBOM, signing. 100% OSS, free.
-
Updated
Jul 4, 2026 - Shell
scir-oss is a tool that integrates public data and information regarding open source software projects and their products into a Project, Product, Protection, and Policy report (OSS-P4/R).
-
Updated
Apr 22, 2026 - Shell
A pure client side CycloneDX SBOM Generator for node/npm projects
-
Updated
Feb 16, 2025 - Shell
Adversarial security review for AI skills, repos, MCP servers, and packages before you install them. A read-only scanner plus a five-persona reasoning pass, ending in a GO / GO WITH MITIGATIONS / NO-GO verdict.
-
Updated
Jul 15, 2026 - Shell
Detect, assess, and respond to supply chain attacks across npm/yarn and Python (pip/poetry/uv). Claude Code skill + standalone scripts. Built during axios RAT (2026-03-31) and Starlette BadHost CVE-2026-48710 (2026-05-22).
-
Updated
Jul 2, 2026 - Shell
Keep your supply chain in a VM. Tiny Bash + Lima wrapper for isolated Fedora dev environments on macOS.
-
Updated
Jul 13, 2026 - Shell
Autonomous AI security agent that audits, pentests, and hardens your whole codebase: SAST, secrets, SCA, IaC, containers, CI/CD, OWASP, and AI/LLM red-teaming. Auto-fixes vulnerabilities and maps findings to compliance frameworks like SOC 2. Works with Claude Code, Cursor, Codex, and opencode.
-
Updated
Jul 9, 2026 - Shell
Run untrusted code without trusting it.
-
Updated
Jul 10, 2026 - Shell
Improve this page
Add a description, image, and links to the supply-chain-security topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the supply-chain-security topic, visit your repo's landing page and select "manage topics."