Supply Chain Guard
The action https://github.com/homeofe/supply-chain-guard has been updated to v5.2.0.
Action Type
This is a Composite action.
Action Summary
The Supply Chain Guard GitHub Action is an open-source security scanner that detects and mitigates risks in software supply chains across several ecosystems, including npm, PyPI, Docker, and GitHub repositories. It automates the identification of malware campaigns, supply chain attacks, credential leaks, and infrastructure vulnerabilities, generates software bills of materials (SBOMs), and verifies SLSA provenance. It also correlates findings into actionable attack chains and produces trust scores so that users can assess the security posture of their projects and dependencies.
What’s Changed
See README.md for full changelog.