cyclonedx

Star

Here are 122 public repositories matching this topic...

oss-review-toolkit / ort

Star

A suite of tools to automate software compliance checks.

Updated May 22, 2024
Kotlin

chainloop-dev / chainloop

Star

Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

security open-source-licensing compliance license spdx attestation devsecops ospo oss-compliance sbom in-toto cyclonedx slsa supply-chain-security sbom-distribution slsa-provenance metadata-platform sbom-discovery regulated-industry

Updated May 22, 2024
Go

DependencyTrack / dependency-track

Star

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Updated May 22, 2024
Java

anchore / syft

Star

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

go docker golang tool containers static-analysis oci spdx hacktoberfest sbom cyclonedx

Updated May 22, 2024
Go

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962

docker containers supply-chain owasp bom oci sca software-bill-of-materials purl package-url sbom cyclonedx saasbom mlbom

Updated May 22, 2024
JavaScript

CycloneDX / cyclonedx-rust-cargo

Star

Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects

rust owasp cargo bom vex spdx bill-of-materials software-bill-of-materials purl package-url cargo-plugin sbom cyclonedx sbom-generator obom mbom saasbom

Updated May 22, 2024
Rust

LLNL / Surfactant

Star

Modular framework for SBOM generation that gathers file information and analyzes dependencies

python tool static-analysis dependency-analysis dependency-graph python3 dependencies spdx hacktoberfest software-composition-analysis software-bill-of-materials sbom cyclonedx sbom-generator

Updated May 21, 2024
Python

CycloneDX / cyclonedx-cli

Star

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

owasp bom vex spdx hacktoberfest bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx sbom-generator obom mbom saasbom

Updated May 21, 2024
C#

CycloneDX / cyclonedx-node-yarn

Star

Create CycloneDX Software Bill of Materials (SBOM) from Node.js Yarn projects.

nodejs node yarn bom bill-of-materials software-bill-of-materials sbom cyclonedx yarn-plugin sbom-generator sbom-tool

Updated May 21, 2024
JavaScript

CycloneDX / cyclonedx-javascript-library

Star

Core functionality of OWASP CycloneDX for JavaScript (Node.js or WebBrowser) written in TypeScript.

Updated May 21, 2024
TypeScript

nexB / scancode.io

Sponsor

Star

ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!

docker open-source virtual-machine vulnerabilities license spdx sca scancode software-composition-analysis purl package-url cyclonedx foss-compliance

Updated May 22, 2024
Python

nexB / dejacode

Sponsor

Star

Automate open source license compliance and ensure software supply chain integrity

open-source vulnerabilities license spdx sca scancode purl package-url cyclonedx foss-compliance

Updated May 21, 2024
Python

anchore / grype

Star

A vulnerability scanner for container images and filesystems

go docker golang security tool containers static-analysis oci vulnerability vex vulnerabilities hacktoberfest container-image cyclonedx openvex

Updated May 21, 2024
Go

nexB / scancode-toolkit

Sponsor

Star

🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

Updated May 22, 2024
Python

interlynk-io / sbomqs

Star

SBOM quality score - Quality metrics for your sboms

go golang spdx security-tools sbom cyclonedx devsecops-pipeline supply-chain-security sbom-examples sbom-tool sbom-quality sbom-score sbom-samples

Updated May 20, 2024
Go

CycloneDX / cyclonedx-dotnet-library

Star

.NET library to consume and produce CycloneDX Software Bill of Materials (SBOM)

dotnet nuget owasp bom dotnet-core vex bill-of-materials software-bill-of-materials sbom cyclonedx obom mbom saasbom

Updated May 20, 2024
C#

tweag / genealogos

Star

Genealogos, a Nix sbom generator

nix sbom cyclonedx sbom-generator

Updated May 20, 2024
Rust

owasp-dep-scan / blint

Star

BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generator for binaries.

binary malware fuzzing supply-chain-analytics sbom cyclonedx supply-chain-security depscan