GitHub Action to analyze Pull Requests for open-source supply chain issues
Updated Jan 27, 2022 - Python
ThunderaBSA is a Binary Static Analysis tool
blackduck findbugs gradle githubactions
Discover Software Composition Analysis (SCA) in C# with vulnerable dependencies. Learn to manage security risks using OWASP Dependency-Check integration
gradle pipeline
Python library for querying OSS Index
A GitHub Action to parse DependencyCheck JSON reports, print the found vulnerabilities and fail the build.
SCANOSS Java package providing a simple, easy to consume library for interacting with SCANOSS APIs.
Integrate OpenSCA-cli into your GitHub Action to assess the supply chain risks associated with your application.
Golang SCA (Software Composition Analysis): analyzes your go.mod file to help you find out whether the dependencies of your Golang project contain vulnerabilities
The SCANOSS JS package provides a simple, easy to consume module for interacting with SCANOSS APIs/Engine.
CLI Security Tool for SAST & SCA
AWS native Static Application Security Testing (SAST) utility to find and eradicate vulnerable software packages stored in AWS CodeArtifact. Built for both real-time distributed and centralized deployments.
Lucy is a component analysis platform to minimize the risk of license infringements and to support and optimize the license compliance process.
MiDas: Multi-granularity Detector for Vulnerability Fixes (IEEE TSE)
kubectl plugin scanning docker images for open source security and license compliance using Black Duck by Synopsys
Seamlessly integrate Veracode Agent-Based SCA scans with Azure DevOps build or release pipelines.
Software Composition and Dependencies devroom - FOSDEM 2022
Modular framework for SBOM generation that gathers file information and analyzes dependencies
Get Dependabot Alerts from a repo