preparing new version

OpenClarity is an open source platform built to enhance security and observability of cloud native applications and infrastructure

GUAC aggregates software security metadata into a high fidelity graph database.

A collection of reference Jupyter notebooks and demo AI/ML applications for enterprise use cases: marketing, pricing, supply chain, smart manufacturing, and more.

🏆Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)

Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them

Software Supply Chain Transparency Log

in-toto is a framework to protect supply chain integrity.

Endo is a distributed secure JavaScript sandbox, based on SES

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server

Production-Grade ML System for Automated Unit of Measure Error Detection | 88-92% Accuracy | 94% Autonomy | KNIME Workflow

Go implementation of The Update Framework (TUF)

Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

Scans Software Bill of Materials (SBOMs) for security vulnerabilities

Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.

Common go library shared across sigstore services and clients

Security & License Compliance For Your App's Dependencies 🪱

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX

Environments for OR and RL Research

Independent verification of binary packages - Reproducible Builds