I'm working on SourceShield (https://sourceshield.io) - a software supply chain security platform that's fully integrated into developer workflows/tooling (GitHub, AWS, etc.). I just started working on it a few weeks ago, so it's more of a set of tools/PoCs at this point. I'm focusing less on dependency security (which is quite a saturated market - think products like Snyk) and more on the other components of the supply chain: SCM, pipelines, build tooling, integrity validation, etc.