Welcome to Hipcheck Discussions!

[alilleybrinker]

Hello, and welcome to the Hipcheck Discussions page!

Hipcheck is an open source tool for automated supply chain risk assessment of software repositories. It works by assessing both the indicators of secure software development practices and by trying to detect active supply chain attacks.

We're very interested in trying to make Hipcheck the best tool it can be! If you have any ideas, including architectural / design recommendations or criticisms, recommendations for new analyses to incorporate or improvements to existing analyses, ideas for Hipcheck's output and how it can better support operational use, questions about deploying Hipcheck in CI/CD or other contexts, or anything else, please share them here!