Workflow responsible for launching static code analysis, generating SBOM and scanning for vulnerabilities. Can be applied to projects that use Gradle and Kotlin.
-
Updated
Oct 27, 2022
Workflow responsible for launching static code analysis, generating SBOM and scanning for vulnerabilities. Can be applied to projects that use Gradle and Kotlin.
Lockheed Martin developed common library to combine multiple SBOMs
The Clearing Automation Tool scans and collects the 3rd party OSS components used in a NPM/NuGet/Debian project and uploads it to SW360 and Fossology
@jQAssistant plugin to scan and analyze CycloneDX files (e.g. SBOM).
Packages dependencies & vulnerabilities inventory for containers
header_docu - file header parser for SBOM SPDX/CycloneDX
User interface for BOM-bar
A simple SBOM generator for applications deployed with ArgoCD
Runtime library to serialize/deserialize CycloneDX BOM with protocol buffers
An example project that demonstrates how to automate a release with SBOM generation using Syft
Bitbucket pipe to generate a CycloneDX sBOM for Java, Go, Python & Node projects
Nitro fork of archived repo https://github.com/CycloneDX/cyclonedx-conan with changes required to work with our conan version.
Add a description, image, and links to the sbom topic page so that developers can more easily learn about it.
To associate your repository with the sbom topic, visit your repo's landing page and select "manage topics."