An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.