Supply Chain Guard
Version updated for https://github.com/homeofe/supply-chain-guard to v5.2.3.
- This action is used, across all versions, by 0 repositories.
Action Type
This is a Composite action.
Action Summary
The supply-chain-guard GitHub Action is an open-source security scanner designed to detect and mitigate threats in software supply chains, including malware campaigns, supply chain attacks, and infrastructure vulnerabilities across ecosystems such as npm, PyPI, Docker, and GitHub. It automates the identification of over 170 threat indicators, such as obfuscated code, typosquatting, exposed secrets, and command-and-control (C2) communications, and adds features such as CycloneDX SBOM generation, SLSA provenance verification, and incident correlation. The tool aims to streamline securing dependencies, CI/CD pipelines, and repositories by combining this analysis with trust scoring.
What’s Changed
See README.md for full changelog.