A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.

jkylekelly/Software-Supply-Chain-Security
Software Supply Chain Security

Introduction

A knowledge base comprising Software Supply Chain Security initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of other learning resources from the web. The list was initially compiled to help me with my research on the topic of Software Supply Chain Security. I've now made the list public for the benefit of everyone else working in this domain. I will endeavour to keep the list up to date as best as I can.

Organizations, Foundations, Working Groups

National Telecommunications and Information Administration (NTIA)

Cybersecurity and Infrastructure Security Agency (CISA)

The White House - Office of the National Cyber Director (ONCD)

National Institute of Standards and Technology (NIST)

Open Worldwide Application Security Project (OWASP)

Open Source Security Foundation (OpenSSF)

Cloud Native Computing Foundation (CNCF)

Regulations

Standards, Frameworks, Best Practices

Software Supply Chain Threats

Threats

Attacks / Compromises

Attack Research / Reports

Vulnerability Management

Vulnerability Databases

EPSS

VEX

SSVC

KEV

Software Identification

Bill of Materials (BOM)

Software Bill of Materials (SBOM)

Formats and Specifications

SBOM Lifecycle

Tooling

SBOM Generation

SBOM Scanning & Analysis

SBOM Governance

Other / Unsorted
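The following is an added worked example, not a tool or code from this list or from any project it links to, showing how the SBOM, VEX and KEV pieces listed above fit together in practice: a minimal CycloneDX JSON SBOM is parsed, its components are matched by purl against a vulnerability feed, findings that a CycloneDX VEX document marks not_affected are dropped, and what remains is ranked KEV-first and then by EPSS. All data (the SBOM, the vulnerability records and their EPSS scores, the VEX statements and the KEV IDs) is constructed for illustration; the CVE-style identifiers are placeholders, not real advisories. It assumes components are identified by purl and that the VEX affects.ref carries the same purl (real documents may use bom-refs instead).

```python
"""Cross-reference a CycloneDX SBOM with vulnerability data, apply VEX
not_affected statements, then rank what is left by KEV status and EPSS.

All sample data below is constructed for illustration: the SBOM, the
vulnerability feed, the VEX document and the KEV list are made up, and the
CVE-style IDs are placeholders rather than real advisories."""
import json

# Constructed minimal CycloneDX 1.5 SBOM (JSON); components carry a purl.
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "libexample", "version": "1.2.3",
     "purl": "pkg:generic/libexample@1.2.3"},
    {"type": "library", "name": "widget", "version": "4.0.0",
     "purl": "pkg:npm/widget@4.0.0"},
    {"type": "library", "name": "util", "version": "0.9.1",
     "purl": "pkg:pypi/util@0.9.1"}
  ]
}"""

# Constructed vulnerability feed: purl -> list of (id, EPSS probability).
VULN_FEED = {
    "pkg:generic/libexample@1.2.3": [("CVE-0000-0001", 0.92), ("CVE-0000-0002", 0.03)],
    "pkg:npm/widget@4.0.0": [("CVE-0000-0003", 0.15)],
}

# Constructed CycloneDX VEX: the supplier states CVE-0000-0003 is not reachable.
# Assumption: affects.ref holds the component purl (real documents may use bom-refs).
VEX_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "vulnerabilities": [
    {"id": "CVE-0000-0003",
     "analysis": {"state": "not_affected",
                  "justification": "code_not_reachable"},
     "affects": [{"ref": "pkg:npm/widget@4.0.0"}]}
  ]
}"""

# Constructed KEV-style set of IDs known to be exploited in the wild.
KEV_IDS = {"CVE-0000-0002"}


def load_components(sbom_json):
    """Return the purls of all components in a CycloneDX JSON SBOM."""
    bom = json.loads(sbom_json)
    return [c["purl"] for c in bom.get("components", []) if "purl" in c]


def load_vex_exclusions(vex_json):
    """Return the set of (vuln_id, ref) pairs the VEX marks not_affected."""
    vex = json.loads(vex_json)
    excluded = set()
    for v in vex.get("vulnerabilities", []):
        if v.get("analysis", {}).get("state") == "not_affected":
            for a in v.get("affects", []):
                excluded.add((v["id"], a["ref"]))
    return excluded


def triage(sbom_json, feed, vex_json, kev_ids, epss_threshold=0.1):
    """Match SBOM components against the feed, drop VEX-excluded findings and
    return the rest sorted KEV-first, then by EPSS descending. A finding is
    'act' if it is in KEV or its EPSS meets the threshold, else 'track'."""
    excluded = load_vex_exclusions(vex_json)
    findings = []
    for purl in load_components(sbom_json):
        for vuln_id, epss in feed.get(purl, []):
            if (vuln_id, purl) in excluded:
                continue  # supplier attested not_affected for this component
            in_kev = vuln_id in kev_ids
            findings.append({
                "purl": purl, "id": vuln_id, "epss": epss, "kev": in_kev,
                "priority": "act" if in_kev or epss >= epss_threshold else "track",
            })
    findings.sort(key=lambda f: (not f["kev"], -f["epss"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SBOM_JSON, VULN_FEED, VEX_JSON, KEV_IDS):
        print(finding)
```

The VEX exclusion is keyed on the (vulnerability, component) pair rather than on the vulnerability ID alone, so a not_affected statement for one component does not silently suppress the same CVE in a different component of the SBOM. The KEV-before-EPSS ordering reflects that confirmed exploitation outranks a predicted probability of exploitation.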

Software Supply Chain Security in the Cloud

AWS

Azure

GCP

Software Supply Chain Security & Artificial Intelligence (AI)

Vendors

  • Anchore
  • Binarly - Binarly describes itself as an automated firmware supply chain security platform. Using machine-learning techniques, Binarly identifies both known and unknown vulnerabilities, misconfigurations, and malicious code in firmware and hardware components.
  • Chainguard
  • Codenotary
  • Cybeats
  • Endor Labs - At Endor Labs, we've created the first open source dependency lifecycle management platform to help OSS consumers select, secure and maintain dependencies effectively.
  • FOSSA
  • NetRise - The NetRise Platform is a next-generation product security solution for XIoT devices. Through ML-driven binary analysis, our platform generates industry-best Software Bills of Material (SBOMs), identifies and prioritizes vulnerabilities, and uncovers non-CVE risk that would otherwise go undetected.
  • Ox Security
  • Rezilion
  • TestifySec
  • Venafi

Books

Industry Reports

Guides / Documentation

Articles / White Papers

Supply Chain Attacks

Supply Chain Security

SBOM

Unsorted

GitHub Repos

GitHub Projects

Events / Conferences

Webinars

Podcasts

Blogs

Industry / Community

Experts

Vendors

From the Web

SBOM Adoption / Implementation

Readings

Presentations

Videos

Miscellaneous / Unsorted
