SupplyShield is an application security orchestration tool for DevSecOps requirements.
SupplyShield primarily leverages the following tools:
- cdxgen: generates the SBOM of a codebase
- osv: SCA (software composition analysis) database used with cdxgen
- syft: generates the SBOM of a Docker container
- grype: runs SCA against a Docker container
- ScancodeIO: pipeline that runs SupplyShield scans
- Semgrep: SAST engine
SupplyShield is under active development; releases are available under the "releases" section on GitHub.
Read more about SupplyShield at [docs](./docs/_build/html)
SupplyShield's tech stack is Python, Flask, PostgreSQL and Docker, plus several libraries.
Copyright (c) SupplyShield and others. All rights reserved.