Supply Chain Security Python Packages

agent-bom

Open security scanner for AI supply chain and infrastructure: agents, MCP, containers, cloud, GPU, and runtime with blast-radius analysis.

23K 19 6

owasp-depscan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

18K 1K 129

ds-analysis-lib

14K 1K 129

ds-xbom-lib

14K 1K 129

ds-reporting-lib

14K 1K 129

blint

blint is a Binary Linter that checks the security properties and capabilities of your executables. It can also generate a Software Bill-of-Materials (SBOM) for supported binaries.

13K 445 45

mcpsafetywarden

MCP servers expose tools with no information about what they actually do at runtime. mcpsafetywarden sits between your agent and any MCP server, profiling tool behavior, blocking destructive calls, and running active security audits before you trust them in a workflow.

10K 6 1

sunglasses

Sunglasses for AI agents. Protection layer + neighborhood watch.

9K 1 1

tethered

tethered — Runtime network egress control for Python. One function call to restrict which hosts your code can connect to.

8K 8 0

navi-sanitize

Deterministic input sanitization for untrusted text — invisible characters, homoglyphs, and encoding tricks, handled before your code sees them. Zero dependencies, no ML. Python 3.12+.

7K 2 0

assay-it

CI-native evidence compiler for agent systems: MCP policy enforcement, evidence receipts, Trust Basis claims, and reviewable artifacts.

7K 1 2

trustcheck

Verify PyPI package attestations and improve Python supply-chain security

5K 54 1

appthreat-depscan

5K 1K 129

agent-audit-kit

Security scanner for MCP-connected AI agent pipelines — 77 rules, 13 scanners, OWASP Agentic 10/10, GitHub Action, SARIF, compliance mapping

5K 5 0

gitgalaxy

An AST-free, LLM-free heuristic knowledge graph engine for deep repository intelligence. Map, secure, and modernize enterprise codebases across 50+ languages at extreme velocity

5K 22 0

mcp-audit-scanner

Security scanner for MCP (Model Context Protocol) server configurations. Detects prompt injection, credential exposure, supply chain risks, and more.

3K 1 0

tank-core

Security-first package manager for AI agent skills

3K 27 4

securescan

Security scanning without the SaaS tax. Multi-scanner orchestration, baseline diffing, SBOM + SARIF, signed everything — runs in your terminal, your CI, or a dashboard you own.

3K 0 0

aisbom-cli

AI SBOM: AI Software Bill of Materials - The Supply Chain for Artificial Intelligence

3K 70 3

aiir

AI Integrity Receipts — generate, verify, and attest cryptographic receipts for commits with declared AI involvement. Release verification with SLSA-compatible VSA. Zero dependencies. Apache 2.0.

3K 4 0

sentro

Sentro — scan Python packages for malicious code, typosquatting & supply-chain attacks before install. Docs: sentro-docs.onrender.com

3K 1 0

tank-sdk

Security-first package manager for AI agent skills

2K 27 4

arcis

One-line security middleware for Node.js and Python. XSS, SQLi, SSRF, rate limiting, CORS, security headers

2K 5 0

skillfortify

First formal security scanner for AI agent skills & plugins. Static analysis, supply chain verification, SBOM generation. 22 frameworks supported including MCP, LangChain, CrewAI.

2K 18 1

Search Packages