Supply Chain Python Packages

pip-audit

Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them

sigstore

A Sigstore client written in Python

in-toto

in-toto is a framework to protect supply chain integrity.

ochrona

A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs

stillrunning

Enterprise security and monitoring for developers. pip install stillrunning

skjold

Security audit Python project dependencies against security advisory databases.

model-signing

Supply chain security for ML

stockpyl

Python inventory optimization and simulation tools.

deepbullwhip

Multi-tier supply chain bullwhip effect simulator

ai-bom-mcp

AI Bill of Materials (AI-BOM) generator + auditor MCP — CycloneDX ML-BOM, SPDX 3.0 AI profile, EU AI Act Annex IV mapping, NIST AI RMF alignment, US EO 14028 federal procurement. By MEOK AI Labs.

pyraider

Using PyRaider You can scan installed dependencies known security vulnerabilities. It uses publicly known exploits, vulnerabilities database.

aztec-py

Pure-Python Aztec Code barcode generator — GS1 2027 compliant, IATA BCBP, batch encoding, SVG/PDF/PNG, CLI. Zero deps. ISO 24778.

pip-abandoned

📦 Search for abandoned and deprecated python packages

openpartslibrary

OpenPartsLibrary is a Python library designed to serve as a centralized parts database for Bill of Materials (BOM), Product Data Management (PDM), and Product Lifecycle Management (PLM) systems.

tap-socketdev

Singer tap for Socket, built with the Meltano SDK for Singer Taps.

gitxray

A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.

otterdog

OtterDog is a tool to manage GitHub organizations at scale using a configuration as code approach. It is actively used by the Eclipse Foundation to manage its numerous projects hosted on GitHub.

chainjacking

Find which of your direct GitHub dependencies is susceptible to RepoJacking attacks

pyscitt

Supply Chain Integrity Transparency and Trust ledger application using Confidential Consortium Framework (CCF)

packj

Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

ospac

Open Source Policy as Code - License compliance policy engine

or-gym

Environments for OR and RL Research

pkl-inspector

Static analysis for Python pickle files — detects malicious code without executing it. Patent Pending.

x12-python

The ultimate Python toolkit for X12 EDI processing. Parse, validate, and generate healthcare (837, 835, 270/271) and supply chain (850, 856, 810) transactions with HIPAA compliance.