cyclonedx

Here are 126 public repositories matching this topic...

XmirrorSecurity / OpenSCA-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

security static-analysis vulnerabilities spdx software-supply-chain sca swid devsecops software-composition-analysis software-bill-of-materials license-compliance sbom cyclonedx software-supply-chain-security

Updated Jun 11, 2024
Go

anchore / syft

Star

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

go docker golang tool containers static-analysis oci spdx hacktoberfest sbom cyclonedx

Updated Jun 11, 2024
Go

oss-review-toolkit / ort

Star

A suite of tools to automate software compliance checks.

Updated Jun 11, 2024
Kotlin

siemens / continuous-clearing

Star

The Continuous Clearing Tool scans and collects the 3rd party OSS components used in a NPM/NuGet/Debian/Maven/Python/Conan/Aipine project and uploads it to SW360 and Fossology by accepting respective project ID for license clearing.

python docker npm maven nuget alpine container conan nuget-package sbom cyclonedx license-clearing

Updated Jun 11, 2024
C#

chainloop-dev / chainloop

Star

Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

security open-source-licensing compliance license spdx attestation devsecops ospo oss-compliance sbom in-toto cyclonedx slsa supply-chain-security sbom-distribution slsa-provenance metadata-platform sbom-discovery regulated-industry

Updated Jun 11, 2024
Go

interlynk-io / sbomqs

Star

SBOM quality score - Quality metrics for your sboms

go golang spdx security-tools sbom cyclonedx devsecops-pipeline supply-chain-security sbom-examples sbom-tool sbom-quality sbom-score sbom-samples

Updated Jun 11, 2024
Go

CycloneDX / cyclonedx.org

Star

Public website cyclonedx.org

owasp cyclonedx

Updated Jun 10, 2024
HTML

CycloneDX / cyclonedx-python

Star

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

python environment poetry conda owasp python3 pip bom spdx requirements bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx sbom-generator sbom-tool

Updated Jun 10, 2024
Python

LLNL / Surfactant

Star

Modular framework for SBOM generation that gathers file information and analyzes dependencies

python tool static-analysis dependency-analysis dependency-graph python3 dependencies spdx hacktoberfest software-composition-analysis software-bill-of-materials sbom cyclonedx sbom-generator

Updated Jun 10, 2024
Python

CycloneDX / cdxgen

Star

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962

docker containers supply-chain owasp bom oci sca software-bill-of-materials purl package-url sbom cyclonedx saasbom cbom

Updated Jun 10, 2024
JavaScript

anchore / grype

Star

A vulnerability scanner for container images and filesystems

go docker golang security tool containers static-analysis oci vulnerability vex vulnerabilities hacktoberfest container-image cyclonedx openvex

Updated Jun 11, 2024
Go

nexB / scancode-toolkit

Sponsor

Star

🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!