A standalone, zero-dependency Node.js script for supply chain security analysis of npm dependencies.
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Syft is a software bill of materials generator, container image scanner, and software dependency catalog. It analyzes container images and filesystems to produce comprehensive inventories of installed packages and dependencies in standard formats. Additionally, it serves as a software attestation tool and an SBOM format converter. The project distinguishes itself through the ability to create cryptographically signed attestations for software inventories to ensure provenance and integrity. It also provides the capability to transform software bills of materials between different industry sche
Las características principales de en/code-security son: Developer Resources, Security Best Practices, Supply Chain Security.
Las alternativas de código abierto para en/code-security incluyen: denysvuika/supply-chain-inspector — A standalone, zero-dependency Node.js script for supply chain security analysis of npm dependencies. deislabs/ratify — Artifact Ratification Framework (CNCF Sandbox). aquasecurity/chain-bench — An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software… ellerbrock/typescript-badges. grafeas/kritis — Deploy-time Policy Enforcer for Kubernetes applications. anchore/syft — Syft is a software bill of materials generator, container image scanner, and software dependency catalog. It analyzes…