PyRank
  • Insights
  • PyPI
  • GitHub
  • Search
  • Compare
  • Advisories
  • Ecosystem
  • About

Supply Chain Python Packages

Python packages with the GitHub topic supply-chain. Sorted by relevance, with stars and monthly downloads.
pypa
pip-audit

Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them

22.8M 1K 108
sigstore
sigstore

A Sigstore client written in Python

747K 324 82
in-toto
in-toto

in-toto is a framework to protect supply chain integrity.

45K 1K 156
ochronasec
ochrona

A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs

19K 51 8
sigstore
model-signing

Supply chain security for ML

14K 237 62
bootproof
repo-proofer

Find out if a repo will steal your keys before you run it. Zero-network sandbox + strace exfil detection. 100% deterministic, no AI. `uvx repo-proofer <url>

10K 0 0
twu
skjold

Security audit Python project dependencies against security advisory databases.

10K 67 13
johhnyg
stillrunning

Enterprise security and monitoring for developers. pip install stillrunning

3K 0 0
LarrySnyder
stockpyl

Python inventory optimization and simulation tools.

2K 164 30
SemClone
ospac

OSPAC - Open Source Policy as Code

2K 2 1
amaar-mc
pinlint

Static linter that checks a requirements file is fully version-pinned and hash-pinned, for CI and pre-commit.

2K 0 0
eclipse-csi
otterdog

OtterDog is a tool to manage GitHub organizations at scale using a configuration as code approach. It is actively used by the Eclipse Foundation to manage its numerous projects hosted on GitHub.

2K 47 22
r12habh
actionscope

Map the AWS blast radius of GitHub Actions workflows. Detects compromised actions, OIDC misconfigurations, script injection, and privilege escalation paths.

2K 1 12
CSOAI-ORG
sbom-cyclonedx-mcp

SBOM CycloneDX 1.6 + SPDX 2.3. EO 14028 / NIS2 / CRA. Part of the CSOAI Layer-0: 8 protocols · 100/100 A+++++ · world-leading.

1K 1 0
j7an
dep-rank

Rank a GitHub project's dependents by stars or trust — CLI that scrapes dependents and enriches via GraphQL.

1K 0 1
YugantM
hvtracker-mcp

MCP server for HVTracker trust checks.

1K 0 0
temurkhan13
openclaw-skill-vetter-mcp

MCP server for security-vetting third-party AI agent extensions before installation — Claude skills, plugins, tool packs. 41 detection rules across prompt-injection, exfiltration, dynamic execution, typosquats. 0-100 risk score.

1K 0 0
dockfixlabs
dfx-mcp-scanner

Security scanner for MCP (Model Context Protocol) servers - detects malicious tools, data exfiltration, and supply chain risks before connecting to your AI agent.

1K 1 0
kirankotari
ossguard

OSSGuard Python implementation — reference CLI with Rich UI (pip install ossguard)

1K 2 0
DevInder1
tridentchain-mcp

Supply Chain Scanner is a local-first security tool that scans your project dependencies, developer environment, and IDE extensions for known vulnerabilities using multiple intelligence sources (OSV, NVD, GHSA, Sonatype), then prioritizes remediation with KEV/EPSS insights and easy-to-read reports — with no API key required for default use.

1K 0 0
dbsystel
oss-red-flag-checker

Check remote repositories for typical red flags like CLAs and risks due to low development activity

1K 29 2
kulkansecurity
gitxray

A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.

1K 181 14
DevInder1
tridentchain-security

Supply Chain Scanner is a local-first security tool that scans your project dependencies, developer environment, and IDE extensions for known vulnerabilities using multiple intelligence sources (OSV, NVD, GHSA, Sonatype), then prioritizes remediation with KEV/EPSS insights and easy-to-read reports — with no API key required for default use.

1K 0 0
alekssadowski95
openpartslibrary

Build machines faster with cheap standard components and ready-to-use CAD files.

963 26 2
    • Data from PyPI, GitHub, ClickHouse, and BigQuery