macOS
brew install chain-benchlocal Homebrew formula metadata
brew
Software supply chain auditing tool based on CIS benchmark. Version 0.1.10 via Homebrew; verified from local package data.
install
brew install chain-benchlocal Homebrew formula metadata
nix profile install nixpkgs#chain-benchnixpkgs package indexes · pkgs/by-name/ch/chain-bench/package.nix · source: api.github.com
overview
Software supply chain auditing tool based on CIS benchmark
history
Chain-bench is Aqua Security's open-source CLI for auditing software supply-chain posture against the CIS Software Supply Chain Security Guide. Its history is bound to the 2022 CIS/Aqua push to make supply-chain controls measurable across source code, build pipelines, dependencies, artifacts, and deployment.
Aqua announced Chain-bench on June 22, 2022 alongside the CIS Software Supply Chain Security Guide, describing it as an open-source auditing tool for the new CIS guidelines. The official README says Chain-bench scans the software delivery lifecycle from code time through deploy time and implements CIS Software Supply Chain Benchmark checks.
The official README documents installation through Homebrew, Nix, Docker, GitHub releases, and GitHub Actions, with GitLab CI support described as beta. Aqua's July 2022 blog also listed GitHub Action, Docker image, executable releases, and NixOS package routes, showing the project was designed to be consumed both locally and in CI.
Users provide a repository URL and an SCM access token, then run chain-bench scan to collect organization, repository, branch protection, member, and pipeline settings and report pass/fail results for CIS controls. The README documents GitHub and GitLab SCM support, personal access token requirements, Docker usage, and CI integration.
Chain-bench is interesting to package maintainers because it packages a compliance benchmark as a CLI, Docker image, GitHub Action, and distro package instead of only as a SaaS feature. That makes it part of the post-SolarWinds/log4j supply-chain tooling wave where checklists became runnable developer tools.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
chain-bench | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/aquasecurity/chain-bench
install metadata
| Package key | brew:chain-bench |
|---|---|
| Version | 0.1.10 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/chain-bench |
| Homepage | https://github.com/aquasecurity/chain-bench |
| Repository | https://github.com/aquasecurity/chain-bench |
| Upstream docs | https://aquasecurity.github.io/chain-bench |
| License | Apache-2.0 |
| Source archive | https://github.com/aquasecurity/chain-bench/archive/refs/tags/v0.1.10.tar.gz |
| Build dependencies | go |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | chain-bench |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
chain-bench
nix profile install nixpkgs#chain-benchsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.