@securechaindev

Secure Chain

Open-source tools for software supply chain security.

Secure Chain offers open-source tools for securing your Software Supply Chain (SSC).

With SecureChain, security engineers can analyze software dependencies, track vulnerabilities, and generate actionable VEX reports. Meanwhile, developers just run their builds while SecureChain takes care of collecting SBOMs, mapping transitive risks, and producing verified security documentation. This decoupled workflow ensures scalable, organization-wide supply chain security without interrupting developer velocity.

Go here to learn more and get started.

Pinned

  1. securechain-depex (Public)

    Depex is a tool that allows you to reason over the entire configuration space of the Software Supply Chain of an open-source software repository.

    Python 4 1

  2. securechain-vexgen (Public)

    A simple tool for generating Vulnerability Exploitability eXchange (VEX) and Threat Intelligence eXchange (TIX) files.

    Python 2

  3. securechain-mcp-server (Public)

    The Secure Chain Model Context Protocol (MCP) server to give context about your software supply chain to any type of LLM or AI agent.

    Python 2

  4. securechain-ssc-ingestion (Public)

    Data pipeline for ingesting software packages from multiple ecosystems into SecureChain.

    Python 1 1

  5. securechain-stack (Public)

    Docker-based infrastructure for Secure Chain project databases and tools.

    Makefile 1

  6. securechain-data-dumps (Public)

    This repository serves as a reference and landing page for data dumps published on Zenodo.

    1

Repositories

Showing 10 of 22 repositories
