Supply Chain Security

Dependency scanners, SBOM generators, artifact signing, and tools that protect against compromised packages and hallucinated dependencies

• Adopt
  • Socket.dev
  • Dependabot
  • Renovate
• Trial
  • Sigstore / Cosign
  • OpenSSF Scorecard
  • OSV.dev
  • Syft / Grype
• Assess
  • SLSA Framework