Chain-bench is an open source tool created by Aqua Security for auditing software supply chain security. It is based on the CIS Software Supply Chain benchmark and is part of the Trivy family of solutions.
It audits the entire software development life cycle to look for risks from coding to production.
According to Aqua Security, one of the main ways to protect your company’s data and systems against hackers is to ensure the code is in compliance with your company’s security policies.
Chain-bench is used mainly as a standalone CLI. To set it up, you provide an access token for your account and the repository URL so that the tool can access your repository through your source code management (SCM) platform.
Aqua Security’s future plans for the tool include increasing benchmark coverage and supporting more platforms.
The project is available on GitHub.