Independent verification of binary packages - Reproducible Builds
Updated Aug 19, 2025 - Rust
Command line interface for the Phylum API
Experimental pacman integration for Reproducible Builds and Binary Transparency (with sigstore/rekor)
atom is a novel intermediate representation for applications and a standalone tool that is powered by chen.
Know your dependencies via interactive cargo dependency graph visualization. An opinionated fork of cargo-depgraph that focuses on interactivity.
nix2sbom extracts the CycloneDX and SPDX SBOM (Software Bill of Materials) from a Nix derivation
Konarr: A free and open source SCA platform for your containers
Automated security testing for open source libraries and applications.
Advanced AI-based supply-chain security intelligence for Go projects.
Supplier and parts relationship management system based on Rust, Vite, and MySQL
Comparing crates.io contents with the corresponding Git repositories to check for supply chain attacks.