Supply Chain Guard
The https://github.com/homeofe/supply-chain-guard action has been updated to version v5.2.6.
- This action is used across all versions by 0 repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The supply-chain-guard GitHub Action is an open-source security scanner that detects and mitigates threats in software supply chains across several ecosystems, including npm, PyPI, Docker, and GitHub repositories. It automates the detection of malware, typosquatting, dependency confusion, and other supply chain vulnerabilities, and it also generates accurate SBOMs and verifies SLSA provenance. Its key capabilities include advanced threat detection, trust scoring, attack-chain correlation, and comprehensive security analysis of code, infrastructure, and repository metadata.
What’s Changed
See README.md for full changelog.