Below you will find pages that utilize the taxonomy term “Homeofe”
April 30, 2026
Supply Chain Guard
Version updated for https://github.com/homeofe/supply-chain-guard to version v5.2.4.
This action is used across all versions by 0 repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The supply-chain-guard GitHub Action is an open-source security scanner designed to detect and mitigate supply chain threats across various ecosystems, including npm, PyPI, Docker, and GitHub repositories. It automates the identification of malware, typosquatting, dependency confusion, and other vulnerabilities, while also generating SBOMs, verifying SLSA provenance, and correlating findings into actionable attack-chain incidents. By providing comprehensive threat detection, trust scoring, and infrastructure analysis, it helps developers safeguard their software supply chains and CI/CD pipelines.
April 26, 2026
Supply Chain Guard
Version updated for https://github.com/homeofe/supply-chain-guard to version v5.2.3.
This action is used across all versions by 0 repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The supply-chain-guard GitHub Action is an open-source security scanner designed to detect and mitigate threats in software supply chains, including malware campaigns, supply chain attacks, and infrastructure vulnerabilities across ecosystems like npm, PyPI, Docker, and GitHub. It automates the identification of over 170 threat indicators, such as obfuscated code, typosquatting, secrets exposure, and C2 communications, while providing advanced features like CycloneDX SBOM generation, SLSA provenance verification, and incident correlation. This tool streamlines the process of securing dependencies, CI/CD pipelines, and repositories by offering comprehensive analysis and trust scoring.
April 9, 2026
Supply Chain Guard
Version updated for https://github.com/homeofe/supply-chain-guard to version v5.2.0.
This action is used across all versions by 0 repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The Supply Chain Guard GitHub Action is an open-source security scanner designed to detect and mitigate risks in software supply chains across various ecosystems, including npm, PyPI, Docker, and GitHub repositories. It automates the identification of malware campaigns, supply chain attacks, credential leaks, and infrastructure vulnerabilities while generating comprehensive software bills of materials (SBOMs) and verifying SLSA provenance. Additionally, it provides correlation of findings into actionable attack chains and delivers trust scoring to help users assess the security posture of their projects and dependencies.
April 8, 2026
Supply Chain Guard
Version updated for https://github.com/homeofe/supply-chain-guard to version v5.1.1.
This action is used across all versions by 0 repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
supply-chain-guard is an open-source supply chain security scanner designed to detect and mitigate threats across various ecosystems such as npm, PyPI, Docker, GitHub Actions, and more. It automates the identification of malware, supply chain attacks, credential leaks, and repository trust issues, while also generating CycloneDX SBOMs and verifying SLSA provenance. By correlating individual findings into comprehensive attack-chain incidents, it helps users proactively secure their software supply chains against over 170 threat indicators.