Supply Chain Guard
Version updated for https://github.com/homeofe/supply-chain-guard to version v5.1.1.
- This action is used across all versions by 0 repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
supply-chain-guard is an open-source supply chain security scanner designed to detect and mitigate threats across ecosystems such as npm, PyPI, Docker, and GitHub Actions. It automates the identification of malware, supply chain attacks, credential leaks, and repository trust issues, and it also generates CycloneDX SBOMs and verifies SLSA provenance. By correlating individual findings into comprehensive attack-chain incidents, it helps users proactively secure their software supply chains against more than 170 threat indicators.
What’s Changed
See README.md for full changelog.