Metadata-Version: 2.4
Name: sscs-monitor
Version: 0.1.0
Summary: Python package for software supply chain monitoring
License: MIT
License-File: LICENSE
Author: Gary
Author-email: gfs7337@nyu.edu
Requires-Python: >=3.9,<3.14
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Requires-Dist: cryptography (>=46.0.3,<47.0.0)
Requires-Dist: requests (>=2.31,<3.0)
Description-Content-Type: text/markdown

## Software Supply Chain Security – Assignment 1

## Project Description
This repository contains the assignment for *Software Supply Chain Security – Assignment 1*.
The goal of this project is to explore and demonstrate key concepts of securing the software supply chain — including managing dependencies, verifying artifact provenance, protecting the build and deployment pipeline, and reducing risk >
The code and configurations here serve as a practical implementation and learning exercise for these supply-chain security topics.

---

## Installation Steps
Follow these steps to install and set up the project:

1. **Clone the repository**
   ```bash
   git clone https://github.com/gfs7337/Software-Supply-Chain-Security-Assignment-1.git
   cd Software-Supply-Chain-Security-Assignment-1
   ```

2. **Ensure you have the correct runtime environment**
   - Example: Python 3.x or Node.js 14+
   - Make sure the package manager (e.g., pip, npm) is installed

3. **Install dependencies**
   ```bash
   # For Python projects
   pip install -r requirements.txt
   ```

## Dependencies

Primary dependencies:

- Runtime: Node.js 16+ or Python 3.10+ (depending on project)
- Key libraries (examples):
  - express
  - lodash
  - requests
  - pytest

Build / tooling dependencies:

- webpack
- babel
- docker
- gradle or maven (if applicable)

Security and Supply Chain Tools:

- Dependency scanning
- Artifact signing
- CI/CD provenance tracking

## Author

Created by GFS7337

