awesome-software-supply-chain-security

Compilation of articles and utils about Software Supply Chain Security

Dependency Confusion

• Dependency Confusion: Detection and risk mitigation (article)
• Using SBOMs to detect possible Dependency Confusion (article)
• Python script to find Dependency Confusion using SBOM (utils)

Revival Hijack

• Revival Hijacking: How Deleted PyPI Packages Become Threats (article)
• Deleted & Revived PyPI Package Indexes (utils)

Malicious packages

• Malicious Packages in NPM and PyPI: How Typosquatting Threatens Developers (article)