GitHub Action to analyze Pull Requests for open-source supply chain issues
-
Updated
Jan 27, 2022 - Python
#
software-composition-analysis
Here are 50 public repositories matching this topic...
ThunderaBSA is a Binary Static Analysis tool
-
Updated
Feb 26, 2024 - Python
blackduck findbugs gradle githubactions
gradle
findbugs
static-analysis
devsecops
software-composition-analysis
blackduck
githubactions
license-compliance-risk
-
Updated
Mar 3, 2022 - Shell
Discover Software Composition Analysis (SCA) in C# with vulnerable dependencies. Learn to manage security risks using OWASP Dependency-Check integration
-
Updated
May 10, 2024 - C#
gradle pipeline
coveralls
pipeline
gradle
findbugs
pmd
checkstyle
static-analysis
sonarqube
junit
jacoco
codecov
code-coverage
software-composition-analysis
blackduck
sast
sdkman
static-application-security-testing
-
Updated
Mar 3, 2022 - Java
Python library for querying OSS Index
-
Updated
Dec 19, 2023 - Python
A Github Action to parse DependencyCheck JSON reports, print the found vulnerabilities and fail the build.
security
devops
security-audit
scala
sbt
static-analysis
owasp
vulnerabilities
cve
appsec
nvd
software-security
owasp-dependencycheck
vulnerability-scanners
security-automation
devsecops
software-composition-analysis
-
Updated
May 14, 2021 - Shell
SCANOSS Java package providing a simple, easy to consume library for interacting with SCANOSS APIs.
-
Updated
Apr 17, 2024 - C
Integrate OpenSCA-cli into your GitHub Action to assess the supply chain risks associated with your application.
-
Updated
Jan 16, 2024
Golang SCA(Software Composition Analysis) 通过分析你的go.mod文件,协助你发现,Golang项目的依赖库是否存在漏洞
-
Updated
Mar 12, 2022 - Python
The SCANOSS JS package provides a simple, easy to consume module for interacting with SCANOSS APIs/Engine.
-
Updated
May 21, 2024 - TypeScript
CLI Security Tool for SAST & SCA
-
Updated
Apr 21, 2024 - Python
AWS native Static Application Security Testing (SAST) utility to find and eradicate vulnerable software packages stored in AWS CodeArtifact. Built for both real-time distributed and centralized deployments.
python
aws-lambda
serverless
realtime
appsec
aws-security
python-security
continuous-security
devsecops
software-composition-analysis
cloud-security
sast
security-hub
static-application-security-testing
-
Updated
Jan 20, 2021 - Python
Lucy is a component analysis platform to minimize the risk of license infringements and to support and optimize the license compliance process.
security
third-party-libraries
bom
appsec
sca
licenses
software-composition-analysis
license-compliance
sbom
-
Updated
Apr 23, 2024 - Java
MiDas: Multi-granularity Detector for Vulnerability Fixes (IEEE TSE)
-
Updated
Dec 5, 2023 - Python
kubectl plugin scanning docker images for open source security and license compliance using Black Duck by Synopsys
-
Updated
Sep 5, 2020 - Go
Seamlessly integrate Veracode Agent-Based SCA scans with Azure DevOps build or release pipelines.
-
Updated
Jul 19, 2023 - Python
Software Composition and Dependencies devroom - FOSDEM 2022
-
Updated
Dec 20, 2021
Modular framework for SBOM generation that gathers file information and analyzes dependencies
python
tool
static-analysis
dependency-analysis
dependency-graph
python3
dependencies
spdx
hacktoberfest
software-composition-analysis
software-bill-of-materials
sbom
cyclonedx
sbom-generator
-
Updated
May 21, 2024 - Python
Get Dependabot Alerts from a repo
-
Updated
Jan 22, 2022 - JavaScript
Improve this page
Add a description, image, and links to the software-composition-analysis topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the software-composition-analysis topic, visit your repo's landing page and select "manage topics."