#

sbom

Here are 275 public repositories matching this topic...

ort

oss-review-toolkit / ort

A suite of tools to automate software compliance checks.

Updated Jun 28, 2024
Kotlin

intel / cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

python security vulnerability vulnerabilities cve hacktoberfest cvss security-automation security-tools devsecops system-tools sbom swrepo sbom-tool

Updated Jun 28, 2024
Python

zarf

defenseunicorns / zarf

DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/

government docker kubernetes helm docker-registry oci k8s cloud-native dod airgap gitops kustomize sbom k3s cosign

Updated Jun 28, 2024
Go

nexB / scancode-toolkit

🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

Updated Jun 28, 2024
Python

cyclonedx-gradle-plugin

CycloneDX / cyclonedx-gradle-plugin

Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects

gradle owasp gradle-plugin bom spdx bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx sbom-generator

Updated Jun 28, 2024
Java

org-metaeffekt / metaeffekt-documentation-template

vulnerability-assessment sbom vulnerability-monitoring

Updated Jun 28, 2024

relizaio / rebom

Rebom by Reliza - Catalog of Software Bills of Materials (SBOMs), demo:

supply-chain-management sbom cyclonedx

Updated Jun 28, 2024
TypeScript

cyclonedx-rust-cargo

CycloneDX / cyclonedx-rust-cargo

Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects

rust owasp cargo bom vex spdx bill-of-materials software-bill-of-materials purl package-url cargo-plugin sbom cyclonedx sbom-generator obom mbom saasbom

Updated Jun 28, 2024
Rust

chainloop-dev / chainloop

Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

security open-source-licensing compliance license spdx attestation devsecops ospo oss-compliance sbom in-toto cyclonedx slsa supply-chain-security sbom-distribution slsa-provenance metadata-platform sbom-discovery regulated-industry

Updated Jun 28, 2024
Go

XmirrorSecurity / OpenSCA-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

security static-analysis vulnerabilities spdx software-supply-chain sca swid devsecops software-composition-analysis software-bill-of-materials license-compliance sbom cyclonedx software-supply-chain-security

Updated Jun 28, 2024
Go

meta-package-manager

kdeldycke / meta-package-manager

🎁 wraps all package managers with a unifying CLI

Updated Jun 28, 2024
Python

app-mesh

laoshanxi / app-mesh

A secure Multi-Tenant, Cloud Native, Micro Service application management platform

docker kubernetes ldap jwt cron scheduler prometheus-exporter cloud-native arm64 loki alertmanager service-mesh 2fa grafana-datasource sbom pypi-package consul-client

Updated Jun 28, 2024
C++

scanoss / sbom-workbench

The SCANOSS SBOM Workbench graphical user interface to scan and audit your source code.

open-source license software-composition-analysis sbom sbom-generator

Updated Jun 28, 2024
TypeScript

nikstur / bombon

Nix CycloneDX Software Bills of Materials (SBOMs)

components nix nixos bom dependencies license spdx bill-of-materials software-bill-of-materials purl sbom cyclonedx sbom-generator

Updated Jun 28, 2024
Rust

dependency-track

DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Updated Jun 28, 2024
Java

RetireJS / retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

javascript chrome-extension security scanner grunt-plugins firefox-extension build-tool vulnerabilities software-composition-analysis vulnerable-libraries insecure-libraries sbom sbom-generator sbom-tool

Updated Jun 28, 2024
JavaScript

cyclonedx-core-java

CycloneDX / cyclonedx-core-java

CycloneDX SBOM Model and Utils for Creating and Validating BOMs

library owasp bom vex spdx bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx obom mbom saasbom

Updated Jun 28, 2024
Java

openclarity / vmclarity

VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities

security cloud malware exploits vulnerabilities vulnerability-scanners rootkits agentless leaked-secrets sbom secrets-detection misconfigurations

Updated Jun 28, 2024
Go

fsfe / reuse-tool

reuse is a tool for compliance with the REUSE recommendations.

python licensing linter free-software analyzer reuse spdx copyright sbom fsfe

Updated Jun 28, 2024
Python

kubernetes-sigs / tejolote

A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.

provenance attestation sbom slsa sigstore

Updated Jun 28, 2024
Go

Improve this page

Add a description, image, and links to the sbom topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the sbom topic, visit your repo's landing page and select "manage topics."