MiDas: Multi-granularity Detector for Vulnerability Fixes (IEEE TSE)
Updated Dec 5, 2023 - Python
GitHub Action to analyze Pull Requests for open-source supply chain issues
ThunderaBSA is a Binary Static Analysis tool
gradle pipeline
blackduck findbugs gradle githubactions
Integrate OpenSCA-cli into your GitHub Action to assess the supply chain risks associated with your application.
Discover Software Composition Analysis (SCA) in C# with vulnerable dependencies. Learn to manage security risks using OWASP Dependency-Check integration
CLI Security Tool for SAST & SCA
A GitHub Action to parse DependencyCheck JSON reports, print the found vulnerabilities and fail the build.
Golang SCA (Software Composition Analysis): analyzes your go.mod file to help you discover whether your Golang project's dependencies contain vulnerabilities
SCANOSS Java package providing a simple, easy to consume library for interacting with SCANOSS APIs.
Lucy is a component analysis platform to minimize the risk of license infringements and to support and optimize the license compliance process.
Software Composition and Dependencies devroom - FOSDEM 2022
♾️ Collection of DevSecOps Notes + Resources + Courses + Tools
kubectl plugin scanning docker images for open source security and license compliance using Black Duck by Synopsys
A GitHub Action that scans your public web applications for log4j vulnerabilities after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.
A GitHub Action for using SecureStack to analyse a repository codebase for vulnerabilities in library dependencies (software composition analysis).
The SCANOSS JS package provides a simple, easy to consume module for interacting with SCANOSS APIs/Engine.
Sharing software supply chain security open source projects
Creates CycloneDX Software Bill-of-Materials (SBOM) from Go projects. So you can use it with DependencyTrack to monitor security issues in 3rd party modules.