sbom

Star

Here are 263 public repositories matching this topic...

defenseunicorns / zarf

Star

DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/

government docker kubernetes helm docker-registry oci k8s cloud-native dod airgap gitops kustomize sbom k3s cosign

Updated May 22, 2024
Go

oss-review-toolkit / ort

Star

A suite of tools to automate software compliance checks.

Updated May 22, 2024
Kotlin

chainloop-dev / chainloop

Star

Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

security open-source-licensing compliance license spdx attestation devsecops ospo oss-compliance sbom in-toto cyclonedx slsa supply-chain-security sbom-distribution slsa-provenance metadata-platform sbom-discovery regulated-industry

Updated May 22, 2024
Go

DependencyTrack / dependency-track

Star

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Updated May 22, 2024
Java

laoshanxi / app-mesh

Star

A secure Multi-Tenant, Cloud Native, Micro Service application management platform

docker kubernetes ldap jwt cron scheduler prometheus-exporter cloud-native arm64 loki alertmanager service-mesh 2fa grafana-datasource sbom pypi-package consul-client

Updated May 22, 2024
C++

anchore / syft

Star

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

go docker golang tool containers static-analysis oci spdx hacktoberfest sbom cyclonedx

Updated May 22, 2024
Go

openclarity / vmclarity

Star

VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities

security cloud malware exploits vulnerabilities vulnerability-scanners rootkits agentless leaked-secrets sbom secrets-detection misconfigurations

Updated May 22, 2024
Go

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962

docker containers supply-chain owasp bom oci sca software-bill-of-materials purl package-url sbom cyclonedx saasbom mlbom

Updated May 22, 2024
JavaScript

JamieMagee / stethoscope

Star

Inventory container image packages in .NET

docker containers container docker-daemon container-image software-bill-of-materials sbom

Updated May 22, 2024
C#

CycloneDX / cyclonedx-rust-cargo

Star

Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects

rust owasp cargo bom vex spdx bill-of-materials software-bill-of-materials purl package-url cargo-plugin sbom cyclonedx sbom-generator obom mbom saasbom

Updated May 22, 2024
Rust

LLNL / Surfactant

Star

Modular framework for SBOM generation that gathers file information and analyzes dependencies

python tool static-analysis dependency-analysis dependency-graph python3 dependencies spdx hacktoberfest software-composition-analysis software-bill-of-materials sbom cyclonedx sbom-generator

Updated May 21, 2024
Python

CycloneDX / cyclonedx-cli

Star

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

owasp bom vex spdx hacktoberfest bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx sbom-generator obom mbom saasbom

Updated May 21, 2024
C#

CycloneDX / cyclonedx-node-yarn

Star

Create CycloneDX Software Bill of Materials (SBOM) from Node.js Yarn projects.

nodejs node yarn bom bill-of-materials software-bill-of-materials sbom cyclonedx yarn-plugin sbom-generator sbom-tool

Updated May 21, 2024
JavaScript

microsoft / sbom-tool

Star

The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.

sbom sbom-generator

Updated May 21, 2024
C#

intel / cve-bin-tool

Star

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.