#

spdx

Here are 172 public repositories matching this topic...

syft

anchore / syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

go docker golang tool containers static-analysis oci spdx hacktoberfest sbom cyclonedx

Updated May 1, 2024
Go

nexB / scancode-toolkit

🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

Updated May 1, 2024
Python

ort

oss-review-toolkit / ort

A suite of tools to automate software compliance checks.

Updated Apr 30, 2024
Kotlin

XmirrorSecurity / OpenSCA-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

security static-analysis vulnerabilities spdx software-supply-chain sca swid devsecops software-composition-analysis software-bill-of-materials license-compliance sbom cyclonedx software-supply-chain-security

Updated Apr 11, 2024
Go

tern-tools / tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

python docker open-source tool containers compliance dependencies spdx metadata-extraction risk-management software-composition-analysis oss-compliance sbom supply-chain-security

Updated Mar 12, 2024
Python

fossology / fossology

FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.

oss compliance license spdx license-management fossology spdx-licenses license-checking license-scan compliance-check compliance-automation

Updated Apr 25, 2024
PHP

package-url / purl-spec

A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby

url package dependencies spdx package-management purl package-url sbom cyclonedx

Updated Apr 17, 2024

EmbarkStudios / cargo-about

📜 Cargo plugin to generate list of all licenses for a crate 🦀

rust licensing rust-lang cargo spdx hacktoberfest license-checking cargo-plugin

Updated Jan 23, 2024
Rust

spdx / license-list-data

Various data formats for the SPDX License List including RDFa, HTML, Text, and JSON

licensing json rdfa html-format spdx licenses

Updated Apr 24, 2024
HTML

bomber

devops-kung-fu / bomber

Scans Software Bill of Materials (SBOMs) for security vulnerabilities

golang security oss supply-chain spdx vulnerability-scanners security-automation security-tools devsecops supplychain syft sbom gomodule cyclonedx

Updated Apr 30, 2024
Go

fsfe / reuse-tool

reuse is a tool for compliance with the REUSE recommendations.

python licensing linter free-software analyzer reuse spdx copyright sbom fsfe

Updated Apr 28, 2024
Python

specification

CycloneDX / specification

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX

Updated Apr 26, 2024
XSLT

chainloop-dev / chainloop

Chainloop is an Open Source Metadata Vault for your Software Supply Chain metadata, SBOMs, VEX, SARIF files, QA reports, and more.

security open-source-licensing compliance license spdx attestation devsecops ospo oss-compliance sbom in-toto cyclonedx slsa supply-chain-security sbom-distribution slsa-provenance metadata-platform sbom-discovery regulated-industry

Updated May 1, 2024
Go

bom

kubernetes-sigs / bom

A utility to generate SPDX-compliant Bill of Materials manifests

go kubernetes golang bom spdx sbom

Updated May 1, 2024
Go

cyclonedx-maven-plugin

CycloneDX / cyclonedx-maven-plugin

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

maven owasp maven-plugin bom vex spdx bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx sbom-generator obom mbom saasbom

Updated Apr 25, 2024
Java

spdx / spdx-spec

The SPDX specification in MarkDown and HTML formats.

specification spdx licenses linux-foundation software-package-data-exchange

Updated May 1, 2024
Python

cyclonedx-cli

CycloneDX / cyclonedx-cli

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

owasp bom vex spdx hacktoberfest bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx sbom-generator obom mbom saasbom

Updated Feb 2, 2024
C#

src-d / go-license-detector

Reliable project licenses detector.

spdx spdx-license license-management spdx-licenses license-scan

Updated Jun 9, 2023
Go

cyclonedx-python

CycloneDX / cyclonedx-python

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

python environment poetry conda owasp python3 pip bom spdx requirements bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx sbom-generator sbom-tool

Updated May 1, 2024
Python

raftario / licensor

write licenses to stdout

cli licensing license spdx

Updated Jan 30, 2023
Rust

Improve this page

Add a description, image, and links to the spdx topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the spdx topic, visit your repo's landing page and select "manage topics."