A suite of tools to automate software compliance checks. (Updated Jun 28, 2024 - Kotlin)
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/
🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by the NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
Rebom by Reliza - Catalog of Software Bills of Materials (SBOMs), demo:
Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance, with accuracy widely recognized by the community.
🎁 wraps all package managers with a unifying CLI
A secure Multi-Tenant, Cloud Native, Micro Service application management platform
The SCANOSS SBOM Workbench graphical user interface to scan and audit your source code.
Nix CycloneDX Software Bills of Materials (SBOMs)
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
CycloneDX SBOM Model and Utils for Creating and Validating BOMs
VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.