PyRank
  • Insights
  • PyPI
  • GitHub
  • Search
  • Compare
  • Advisories
  • Ecosystem
  • About

Supply Chain Security Python Packages

Python packages with the GitHub topic supply-chain-security. Sorted by relevance, with stars and monthly downloads.
duriantaco
ca9

CA9 is a local evidence engine for Python AppSec triage. It sits after scanners and before engineers waste time, proving which findings matter.

60K 5 0
spdx
ntia-conformance-checker

Validate SPDX 2 and 3 SBOM against NTIA, CISA, and other minimum element requirements.

22K 89 24
Project-Navi
navi-sanitize

Deterministic input sanitization for untrusted text — invisible characters, homoglyphs, and encoding tricks, handled before your code sees them. Zero dependencies, no ML. Python 3.12+.

21K 2 0
Rul1an
assay-it

Policy-as-code for MCP agents: deny risky tool calls before they run, prove what ran with verifiable evidence, and enforce egress in the kernel (eBPF/LSM, Linux). Deterministic, offline-first, bounded claims.

17K 9 1
pezhik
skilltotal

Scan AI components (MCP servers, agent skills, npm/PyPI packages) for malware & risky capabilities. Local, deterministic, evidence-anchored. Free & OSS.

16K 1 0
gautamvarmadatla
mcpsafetywarden

MCP servers expose tools with no information about what they actually do at runtime. mcpsafetywarden sits between your agent and any MCP server, profiling tool behavior, blocking destructive calls, and running active security audits before you trust them in a workflow.

15K 7 1
owasp-dep-scan
blint

blint is a Binary Linter that checks the security properties and capabilities of your executables. It can also generate a Software Bill-of-Materials (SBOM) for supported binaries.

15K 448 47
owasp-dep-scan
owasp-depscan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

14K 1K 131
msaad00
agent-bom

AI supply-chain & cloud security scanner and self-hosted control plane — agents, MCP, packages, cloud estate, non-human identities, and LLM cost. SBOM/SARIF, graph attack-paths, runtime enforcement, and compliance evidence.

13K 25 7
owasp-dep-scan
ds-analysis-lib

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

10K 1K 131
owasp-dep-scan
ds-xbom-lib

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

10K 1K 131
owasp-dep-scan
ds-reporting-lib

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

10K 1K 131
sunglasses-dev
sunglasses

Sunglasses for AI agents. Protection layer + neighborhood watch.

9K 3 2
adudley78
mcp-audit-scanner

Security scanner for MCP (Model Context Protocol) server configurations. Detects prompt injection, credential exposure, supply chain risks, and more.

8K 2 1
cpeoples
ansible-security-scanner

🛡️ Static security scanner (SAST) for Ansible playbooks, roles, and collections. 1,000+ rules across 30+ categories detecting malicious code, RCE, hardcoded credentials, and supply-chain risk. Outputs SARIF, CycloneDX SBOM, and GitLab SAST. SLSA Build Level 3, Sigstore-signed.

8K 7 0
b7n0de
proofbundle

Receipts for AI eval results: turn a result into one signed, offline-verifiable JSON file. Proves who signed it and that nothing changed — not that it's true. Ed25519 + RFC 6962.

8K 1 0
keelapi
keel-verifier

Independent verifier for signed AI audit exports and Permit-spec evidence

7K 3 0
SSX360
matrixscroll

Open protocol for signed AI-assisted commit provenance (Ed25519, offline verify; SE050 hardware path in progress).

7K 4 0
shcherbak-ai
tethered

tethered — Runtime network egress control for Python. One function call to restrict which hosts your code can connect to.

6K 8 0
lucashgrifoni
oss-policy-kit

Policy-as-code starter kit for OSS repository governance and CI/CD hygiene across GitHub, Azure, and AWS.

6K 3 1
Halfblood-Prince
trustcheck

Verify PyPI package attestations and improve Python supply-chain security

6K 78 1
PrismorSec
immunity-agent

Runtime security for Agents. Blocks dangerous commands, prevent secret leaks, stop prompt injection, gate risky package installs and visibility and control over tool calls.

6K 222 17
dmartinochoa
pipeline-check

CI/CD Security Posture Scanner

6K 7 1
appthreat
appthreat-depscan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

5K 1K 131
    • Data from PyPI, GitHub, ClickHouse, and BigQuery