Supply Chain Guard
Version update: https://github.com/homeofe/supply-chain-guard has been updated to v5.2.4.
- This action is used across all versions by 0 repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The supply-chain-guard GitHub Action is an open-source security scanner that detects and mitigates supply chain threats across several ecosystems, including npm, PyPI, Docker, and GitHub repositories. It automates the identification of malware, typosquatting, dependency confusion, and other vulnerabilities; generates SBOMs; verifies SLSA provenance; and correlates findings into actionable attack-chain incidents. By combining threat detection, trust scoring, and infrastructure analysis, it helps developers safeguard their software supply chains and CI/CD pipelines.
What’s Changed
See README.md for full changelog.