88 results found Sort:

anchore
syft anchore
577
6.3k
apache-2.0
59
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
go oci sbom spdx tool docker golang cyclonedx containers hacktoberfest static-analysis
Created 2020-05-07
2,473 commits to main branch, last one 21 hours ago
RetireJS
retire.js RetireJS
417
3.7k
other
83
scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
sbom scanner security sbom-tool build-tool javascript grunt-plugins sbom-generator vulnerabilities chrome-extension firefox-extension insecure-libraries vulnerable-libraries software-composition-analysis
Created 2013-08-30
997 commits to master branch, last one a day ago
DependencyTrack
dependency-track DependencyTrack
579
2.7k
apache-2.0
69
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
bom nvd sca purl sbom owasp appsec ossindex security cyclonedx devsecops package-url hacktoberfest vulnerabilities bill-of-materials software-security component-analysis security-automation vulnerability-detection software-composition-analysis
Created 2013-07-16
5,577 commits to master branch, last one 22 hours ago
e-m-b-a
emba e-m-b-a
234
2.7k
gpl-3.0
44
EMBA - The firmware security analyzer
iot sbom linux hacking infosec firmware security pentesting embedded-linux firmware-tools security-tools binary-analysis static-analyzer embedded-systems firmware-analysis penetration-testing reverse-engineering vulnerability-scanner vulnerability-scanners artificial-intelligence
Created 2020-08-25
5,523 commits to master branch, last one 2 days ago
aboutcode-org
scancode-toolkit aboutcode-org
552
2.1k
unknown
71
:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nl...
sca purl sbom spdx license packages copyright cyclonedx licensing provenance package-url dependencies license-scan spdx-licenses copyright-scan oss-compliance dependency-graph license-checking open-source-licensing software-composition-analysis
Created 2015-07-01
11,324 commits to develop branch, last one 6 days ago
HummerRisk
HummerRisk HummerRisk
296
1.8k
gpl-3.0
111
HummerRisk 是云原生安全平台,包括混合云安全治理和云原生安全检测。
cspm sbom trivy prowler security compliance cloud-native k8s-security vulnerability cloud-custodian compliance-as-code kubernetes-security cloud-native-security
Created 2022-06-03
3,116 commits to master branch, last one about a year ago
microsoft
sbom-tool microsoft
133
1.6k
mit
26
The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
sbom sbom-generator
Created 2022-06-01
359 commits to main branch, last one 18 hours ago
oss-review-toolkit
ort oss-review-toolkit
311
1.6k
apache-2.0
40
A suite of tools to automate software compliance checks.
sca ospo sbom spdx license copyright cyclonedx compliance dependencies license-scan package-scan hacktoberfest copyright-scan oss-compliance sbom-generator package-manager dependency-graph license-checking license-management open-source-licensing
Created 2017-10-19
16,730 commits to main branch, last one 19 hours ago
lunasec-io
lunasec lunasec-io
164
1.4k
other
29
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTra...
gdpr sbom soc2 pci-dss scanning security devsecops log4shell compliance zero-trust cve-scanning tokenization web-security cybersecurity scanning-tool sbom-generator security-tools continuous-delivery dependency-analysis software-composition-analysis
Created 2021-03-16
3,454 commits to master branch, last one 6 months ago
zarf-dev
zarf zarf-dev
172
1.4k
apache-2.0
19
DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/
dod k3s k8s oci helm sbom airgap cosign docker gitops kustomize government kubernetes cloud-native docker-registry
Created 2021-08-23
2,089 commits to main branch, last one a day ago
openclarity
openclarity openclarity
166
1.4k
apache-2.0
32
OpenClarity is an open source tool built to enhance security and observability of cloud native applications and infrastructure
sbom cloud malware scanner exploits rootkits security kubernetes supply-chain leaked-secrets virtual-machine vulnerabilities
Created 2020-03-22
1,998 commits to main branch, last one a day ago
intel
cve-bin-tool intel
464
1.2k
gpl-3.0
31
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...
cve cvss sbom python swrepo security devsecops sbom-tool system-tools hacktoberfest vulnerability security-tools vulnerabilities security-automation
Created 2019-01-11
2,912 commits to main branch, last one a day ago
XmirrorSecurity
OpenSCA-cli XmirrorSecurity
115
1.1k
apache-2.0
154
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the ...
sca sbom spdx swid security cyclonedx devsecops static-analysis vulnerabilities license-compliance software-supply-chain software-bill-of-materials software-composition-analysis software-supply-chain-security
Created 2021-12-30
990 commits to master branch, last one about a month ago
owasp-dep-scan
dep-scan owasp-dep-scan
98
1.0k
mit
17
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
cve sca vex sbom cyclonedx devsecops compliance containers risk-audit security-audit security-tools dependency-audit dependency-analysis reachability-analysis supply-chain-security vulnerability-scanners
Created 2020-01-28
386 commits to master branch, last one 5 days ago
tern-tools
tern tern-tools
188
967
bsd-2-clause
31
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-...
sbom spdx tool docker python compliance containers open-source dependencies oss-compliance risk-management metadata-extraction supply-chain-security software-composition-analysis
Created 2017-11-27
1,102 commits to main branch, last one 11 months ago
package-url
purl-spec package-url
161
694
other
31
A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
url purl sbom spdx package cyclonedx package-url dependencies package-management
Created 2017-11-11
262 commits to master branch, last one 6 days ago
rust-secure-code
cargo-auditable rust-secure-code
30
656
apache-2.0
20
Make production Rust binaries auditable
rust sbom rust-lang cargo-plugin security-audit security-tools cargo-subcommand security-automation
Created 2019-01-12
762 commits to master branch, last one 9 days ago
ARPSyndicate
puncia ARPSyndicate
30
642
mit
12
The Panthera(P.)uncia of Cybersecurity - Official CLI utility for Subdomain Center & Exploit Observer.
sbom exploit cyclonedx sbom-tool subdomain arpsyndicate vulnerability cyclonedx-sbom
Created 2023-09-10
38 commits to master branch, last one about a month ago
CycloneDX
cdxgen CycloneDX
156
583
apache-2.0
17
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t...
bom oci sca cbom purl sbom owasp docker saasbom cyclonedx containers package-url supply-chain software-bill-of-materials
Created 2019-12-30
1,408 commits to master branch, last one 2 days ago
bitbomdev
minefield bitbomdev
15
525
apache-2.0
67
Graphing SBOM's Fast.
sbom graph airgap roaring-bitmaps supply-chain-security
Created 2024-06-05
127 commits to main branch, last one a day ago
devops-kung-fu
bomber devops-kung-fu
45
516
mpl-2.0
9
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
oss epss sbom spdx syft golang gomodule security cyclonedx devsecops supplychain supply-chain security-tools security-automation vulnerability-scanners
Created 2022-07-08
90 commits to main branch, last one 6 days ago
awesomeSBOM
awesome-sbom awesomeSBOM
63
484
unknown
17
A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
sbom awesome awesome-sbom awesome-repos sbom-examples sbom-generator software-bill-of-materials
Created 2021-07-30
63 commits to master branch, last one 12 days ago
kdeldycke
meta-package-manager kdeldycke
33
471
gpl-2.0
13
🎁 wraps all package managers with a unifying CLI
apt npm pip sbom snap spdx xbar yarn linux macos steam flatpak windows homebrew ruby-gem cyclonedx package-url php-composer mac-app-store package-manager
Created 2016-08-17
4,312 commits to main branch, last one 19 hours ago
sandworm-hq
sandworm-audit sandworm-hq
5
471
mit
8
Security & License Compliance For Your App's Dependencies 🪱
cli sbom audit security compliance dependencies supply-chain vulnerability security-tools vulnerabilities d3-visualization license-checking dependencies-tree dependencies-graph license-compliance license-management vulnerability-scanners
Created 2022-10-25
271 commits to main branch, last one about a year ago
microsoft
component-detection microsoft
90
438
mit
18
Scans your project to determine what components you use
sbom dependencies static-analysis package-management software-bill-of-materials software-composition-analysis
Created 2021-11-16
740 commits to main branch, last one a day ago
fsfe
reuse-tool fsfe
149
410
unknown
18
reuse is a tool for compliance with the REUSE recommendations.
fsfe sbom spdx reuse linter python analyzer copyright licensing free-software
Created 2019-04-12
2,547 commits to main branch, last one 7 days ago
chainloop-dev
chainloop chainloop-dev
29
375
apache-2.0
11
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
ospo sbom slsa spdx in-toto license security cyclonedx devsecops compliance attestation oss-compliance sbom-discovery slsa-provenance metadata-platform sbom-distribution regulated-industry open-source-licensing supply-chain-security
Created 2023-03-06
1,041 commits to main branch, last one 18 hours ago
CycloneDX
specification CycloneDX
59
365
apache-2.0
26
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and V...
bom cpe vex cbom mbom sbom spdx swid tc54 owasp license saasbom software standard cyclonedx supply-chain specification machine-learning bill-of-materials software-bill-of-materials
Created 2017-05-29
1,039 commits to master branch, last one 3 days ago
xeol-io
xeol xeol-io
21
349
apache-2.0
4
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
eol nist sbom fedramp pci-dss security compliance end-of-life outdated-dep release-policy outdated-packages outdated-libraries
Created 2022-12-23
221 commits to main branch, last one 11 days ago
kubernetes-sigs
bom kubernetes-sigs
48
344
apache-2.0
11
A utility to generate SPDX-compliant Bill of Materials manifests
go bom sbom spdx golang kubernetes
Created 2021-11-19
1,122 commits to main branch, last one 9 days ago