Hipcheck is a tool for automated assessment of the supply chain risk of software repositories. It is a command line tool for performing these automated assessments, along with the configuration files of the project.
Download from: https://github.com/mitre/hipcheck