Skip to content
/ hoppr-cop Public

Hoppr Cop is a cli and python library that generates high quality vulnerability information from a cyclone-dx Software Bill of Materials (SBOM) by aggregating data from multiple vulnerability databases. This project is a mirror from gitlab

License

MIT license
17 stars 3 forks Branches Tags Activity
Star
Notifications

lmco/hoppr-cop

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,109 Commits

.github/workflows

.github/workflows

 
 

ci

ci

 
 

docs

docs

 
 

hoppr-integration-test

hoppr-integration-test

 
 

hopprcop

hopprcop

 
 

tests

tests

 
 

.gitignore

.gitignore

 
 

.gitlab-ci.yml

.gitlab-ci.yml

 
 

.gitpod.yml

.gitpod.yml

 
 

.pre-commit-config.yml

.pre-commit-config.yml

 
 

.pylintrc

.pylintrc

 
 

.releaserc.yml

.releaserc.yml

 
 

Dockerfile

Dockerfile

 
 

LICENSE.md

LICENSE.md

 
 

README.md

README.md

 
 

SECURITY.md

SECURITY.md

 
 

image.png

image.png

 
 

mkdocs.yml

mkdocs.yml

 
 

poetry.lock

poetry.lock

 
 

pyproject.toml

pyproject.toml

 
 

renovate.json

renovate.json

 
 

sbom.json

sbom.json

 
 

Repository files navigation

Hoppr-Cop

For Policing Your SBOM Vulnerabilities

Hoppr Cop is a cli and python library that generates high quality vulnerability information from a cyclone-dx Software Bill of Materials (SBOM) by aggregating data from multiple vulnerability databases. This project is offered as part of the hoppr ecosystem, however it is fully functional as a standalone cli or python library.

For more information please see the project documentation

Project Status

Initial Release

Features

Why

SBOMs provide an ideal way to inventory all the dependencies in a project. A project's vulnerabilities should be monitored on a regular basis. hoppr-cop provides an easy mechanism to keep your vulnerability information up to date without regenerating an SBOM. The vex and html reports provide an ideal way to communicate vulnerability status to users, even in disconnected networks.

Why Use Multiple Scanners

  • Provides broad coverage of the upstream vulnerability data sources. You can see the full details of the data-sources here. Gitlab and Sonotype provide their own vulnerability reporting that you won't get elsewhere.
  • Provides much better coverage of a variety of package manager types. Each bom scanner has package managers that it excels at scanning, and some that it does a poor job of. Additionally, each product supports a different set of package ecosystems.
  • Seeing that multiple datasources agree on a finding, improves confidence that the finding is not a false positive.
  • Combining information from multiple sources leads to more complete and accurate information for each vulnerability identified, leading to quicker resolutions.

Demo

Documentation

For more information please see the project documentation

About

Hoppr Cop is a cli and python library that generates high quality vulnerability information from a cyclone-dx Software Bill of Materials (SBOM) by aggregating data from multiple vulnerability databases. This project is a mirror from gitlab

Topics

cybersecurity vulnerability-detection vulnerability-scanners sbom supply-chain-security

Resources

Readme

License

MIT license

Security policy

Security policy
Activity
Custom properties

Stars

17 stars

Watchers

5 watching

Forks

3 forks
Report repository

Releases

36 tags

Contributors 9

Languages