
Supply Chain Python Packages

Python packages with the GitHub topic supply-chain. Sorted by relevance, with stars and monthly downloads.
pypa
pip-audit

Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them

16.2M 1K 94
sigstore
sigstore

A Sigstore client written in Python

609K 318 78
in-toto
in-toto

in-toto is a framework to protect supply chain integrity.

60K 999 155
ochronasec
ochrona

A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs

16K 51 8
sigstore
model-signing

Supply chain security for ML

12K 233 59
twu
skjold

Security audit Python project dependencies against security advisory databases.

8K 67 13
LarrySnyder
stockpyl

Python inventory optimization and simulation tools.

5K 162 30
johhnyg
stillrunning

Enterprise security and monitoring for developers. pip install stillrunning

5K 0 0
temurkhan13
openclaw-skill-vetter-mcp

MCP server for security-vetting third-party AI agent extensions before installation — Claude skills, plugins, tool packs. 41 detection rules across prompt-injection, exfiltration, dynamic execution, typosquats. 0-100 risk score.

4K 0 0
kirankotari
ossguard

OSSGuard Python implementation — reference CLI with Rich UI (pip install ossguard)

3K 2 0
eclipse-csi
otterdog

Tool to manage GitHub organizations and their repositories.

2K 47 19
artiso-ai
dppvalidator

dppvalidator is the "GDPR compliance engine" for physical products, enforcing the strict digital syntax required for the EU's Digital Product Passport.

2K 8 0
alekssadowski95
openpartslibrary

Python library for creating a database of hardware components for manufacturing

1K 9 2
chris48s
pip-abandoned

📦 Search for abandoned and deprecated python packages

1K 9 0
tilakthimmappa
pyraider

Using PyRaider, you can scan installed dependencies for known security vulnerabilities. It uses a database of publicly known exploits and vulnerabilities.

946 18 0
reservoir-data
tap-socketdev

Singer tap for socket.dev

821 0 0
checkmarx
chainjacking

A tool to scan your direct GitHub dependencies for Go and find ones susceptible to a ChainJacking attack

800 63 15
kulkansecurity
gitxray

A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.

720 181 14
ai-vnv
deepbullwhip

Multi-tier supply chain bullwhip effect simulator

707 0 0
plusultra-tools
cra-sbom-evidence

CRA Article 14 evidence pack from your SBOM and VEX feeds. Every clause cited verbatim. Every output hashed.

600 0 0
greyllmmoder
aztec-py

GS1 2027-compliant pure-Python Aztec Code generator. FLG(0) Reader Initialisation, batch encoding, SVG/PDF/PNG, CLI, boarding passes, GS1 labels. ISO 24778.

532 1 0
ag7982
macro-supply-signals

Macro-economic indicator library for supply-chain signals

437 0 0
hubbs5
or-gym

OR-Gym: A set of environments for developing reinforcement learning agents for OR problems.

436 442 98
copyleftdev
x12-python

The ultimate Python toolkit for X12 EDI processing

433 4 0
Data from PyPI, GitHub, ClickHouse, and BigQuery