PyPI Stats

Supply Chain Security Python Packages

Python packages with the GitHub topic supply-chain-security. Sorted by relevance, with stars and monthly downloads.
msaad00
agent-bom

Open security scanner for AI supply chain and infrastructure: agents, MCP, containers, cloud, GPU, and runtime with blast-radius analysis.

22K 19 6
owasp-dep-scan
owasp-depscan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

18K 1K 129
owasp-dep-scan
ds-analysis-lib

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

14K 1K 129
owasp-dep-scan
ds-xbom-lib

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

14K 1K 129
owasp-dep-scan
ds-reporting-lib

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

14K 1K 129
owasp-dep-scan
blint

blint is a Binary Linter that checks the security properties and capabilities of your executables. It can also generate a Software Bill-of-Materials (SBOM) for supported binaries.

13K 445 45
gautamvarmadatla
mcpsafetywarden

MCP servers expose tools with no information about what they actually do at runtime. mcpsafetywarden sits between your agent and any MCP server, profiling tool behavior, blocking destructive calls, and running active security audits before you trust them in a workflow.

10K 6 1
sunglasses-dev
sunglasses

Sunglasses for AI agents. Protection layer + neighborhood watch.

10K 1 1
Project-Navi
navi-sanitize

Deterministic input sanitization for untrusted text — invisible characters, homoglyphs, and encoding tricks, handled before your code sees them. Zero dependencies, no ML. Python 3.12+.

9K 2 0
shcherbak-ai
tethered

tethered — Runtime network egress control for Python. One function call to restrict which hosts your code can connect to.

9K 8 0
Rul1an
assay-it

CI-native evidence compiler for agent systems: MCP policy enforcement, evidence receipts, Trust Basis claims, and reviewable artifacts.

7K 1 2
sattyamjjain
agent-audit-kit

Security scanner for MCP-connected AI agent pipelines — 77 rules, 13 scanners, OWASP Agentic 10/10, GitHub Action, SARIF, compliance mapping

6K 5 0
appthreat
appthreat-depscan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

6K 1K 129
Halfblood-Prince
trustcheck

Verify PyPI package attestations and improve Python supply-chain security

5K 54 1
squid-protocol
gitgalaxy

An AST-free, LLM-free heuristic knowledge graph engine for deep repository intelligence. Map, secure, and modernize enterprise codebases across 50+ languages at extreme velocity

5K 22 0
adudley78
mcp-audit-scanner

Security scanner for MCP (Model Context Protocol) server configurations. Detects prompt injection, credential exposure, supply chain risks, and more.

3K 1 0
Metbcy
securescan

Security scanning without the SaaS tax. Multi-scanner orchestration, baseline diffing, SBOM + SARIF, signed everything — runs in your terminal, your CI, or a dashboard you own.

3K 0 0
Lab700xOrg
aisbom-cli

AI SBOM: AI Software Bill of Materials - The Supply Chain for Artificial Intelligence

3K 70 3
tankpkg
tank-core

Security-first package manager for AI agent skills

3K 27 4
invariant-systems-ai
aiir

AI Integrity Receipts — generate, verify, and attest cryptographic receipts for commits with declared AI involvement. Release verification with SLSA-compatible VSA. Zero dependencies. Apache 2.0.

3K 4 0
solvyx-dev
sentro

Sentro — scan Python packages for malicious code, typosquatting & supply-chain attacks before install. Docs: sentro-docs.onrender.com

3K 1 0
tankpkg
tank-sdk

Security-first package manager for AI agent skills

2K 27 4
qualixar
skillfortify

First formal security scanner for AI agent skills & plugins. Static analysis, supply chain verification, SBOM generation. 22 frameworks supported including MCP, LangChain, CrewAI.

2K 18 1
arsbr
veritensor

Antivirus for the AI Supply Chain. Scans models, datasets, notebooks, and RAG documents for threats.

2K 73 5
Data from PyPI, GitHub, ClickHouse, and BigQuery