Supply Chain Guard
Version of https://github.com/homeofe/supply-chain-guard updated to v5.2.5.
- This action is used across all versions by 0 repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The Supply-Chain Guard GitHub Action is an open-source security scanner that detects and mitigates supply chain threats across ecosystems including npm, PyPI, Docker, Terraform and GitHub Actions. It automates the identification of malware campaigns, package vulnerabilities, typosquatting, credential leaks and other risks, verifies SLSA provenance, and generates accurate CycloneDX SBOMs. It also provides attack-chain correlation, repository trust scoring and infrastructure security analysis to streamline supply chain risk management.
What’s Changed
See README.md for full changelog.