chain-bench
Description:
Software supply chain auditing tool based on CIS benchmark
Type: Formula  |  Latest Version: 0.1.10@0  |  Tracked Since: Dec 17, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: security supply-chain auditing devops compliance
Install: brew install chain-bench
About:
Chain-bench is an open-source auditing tool designed to assess the security posture of software supply chains. It evaluates build and publishing pipelines against the CIS (Center for Internet Security) Software Supply Chain benchmark, identifying misconfigurations and compliance gaps. The tool provides actionable insights to help organizations harden their CI/CD processes and enhance overall security.
Key Features:
  • Checks GitHub Actions workflows for security best practices
  • Validates container image build configurations
  • Audits source code management (SCM) settings
  • Provides actionable remediation advice
  • Outputs results in JSON or human-readable formats
Use Cases:
  • Auditing CI/CD pipelines for compliance with security standards
  • Identifying supply chain vulnerabilities in open-source projects
  • Hardening GitHub repository and workflow configurations
Alternatives:
  • SLSA Framework Tools – SLSA provides a framework and specifications for supply chain integrity, while chain-bench offers a concrete implementation for auditing existing setups against specific CIS benchmarks.
  • OpenSSF Scorecard – Scorecard evaluates open-source project security practices broadly, whereas chain-bench focuses specifically on the technical implementation of build and publish pipelines.
Version History
Detected Version Rev Change Commit
Oct 10, 2025 3:00am 0 VERSION_BUMP e742185a
Sep 13, 2025 7:56am 0 VERSION_BUMP 6b044d49