89 results found Sort:

anchore
syft anchore
587
6.4k
apache-2.0
59
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
go oci sbom spdx tool docker golang cyclonedx containers hacktoberfest static-analysis
Created 2020-05-07
2,523 commits to main branch, last one 2 days ago
RetireJS
retire.js RetireJS
423
3.7k
other
83
scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
sbom scanner security sbom-tool build-tool javascript grunt-plugins sbom-generator vulnerabilities chrome-extension firefox-extension insecure-libraries vulnerable-libraries software-composition-analysis
Created 2013-08-30
1,000 commits to master branch, last one 9 days ago
e-m-b-a
emba e-m-b-a
237
2.8k
gpl-3.0
44
EMBA - The firmware security analyzer
iot sbom linux hacking infosec firmware security pentesting embedded-linux firmware-tools security-tools binary-analysis static-analyzer embedded-systems firmware-analysis penetration-testing reverse-engineering vulnerability-scanner vulnerability-scanners artificial-intelligence
Created 2020-08-25
5,652 commits to master branch, last one a day ago
DependencyTrack
dependency-track DependencyTrack
583
2.7k
apache-2.0
69
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
bom nvd sca purl sbom owasp appsec ossindex security cyclonedx devsecops package-url hacktoberfest vulnerabilities bill-of-materials software-security component-analysis security-automation vulnerability-detection software-composition-analysis
Created 2013-07-16
5,682 commits to master branch, last one 2 days ago
aboutcode-org
scancode-toolkit aboutcode-org
560
2.2k
unknown
71
:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nl...
sca purl sbom spdx license packages copyright cyclonedx licensing provenance package-url dependencies license-scan spdx-licenses copyright-scan oss-compliance dependency-graph license-checking open-source-licensing software-composition-analysis
Created 2015-07-01
11,326 commits to develop branch, last one 16 days ago
HummerRisk
HummerRisk HummerRisk
297
1.8k
gpl-3.0
111
HummerRisk 是云原生安全平台,包括混合云安全治理和云原生安全检测。
cspm sbom trivy prowler security compliance cloud-native k8s-security vulnerability cloud-custodian compliance-as-code kubernetes-security cloud-native-security
Created 2022-06-03
3,116 commits to master branch, last one about a year ago
microsoft
sbom-tool microsoft
138
1.7k
mit
26
The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
sbom sbom-generator
Created 2022-06-01
377 commits to main branch, last one a day ago
oss-review-toolkit
ort oss-review-toolkit
314
1.6k
apache-2.0
40
A suite of tools to automate software compliance checks.
cra sca dora ospo sbom spdx license copyright cyclonedx compliance dependencies hacktoberfest oss-compliance sbom-generator package-manager dependency-graph license-management open-source-licensing
Created 2017-10-19
16,975 commits to main branch, last one 13 hours ago
lunasec-io
lunasec lunasec-io
168
1.4k
other
29
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTra...
gdpr sbom soc2 pci-dss scanning security devsecops log4shell compliance zero-trust cve-scanning tokenization web-security cybersecurity scanning-tool sbom-generator security-tools continuous-delivery dependency-analysis software-composition-analysis
Created 2021-03-16
3,454 commits to master branch, last one 7 months ago
zarf-dev
zarf zarf-dev
173
1.4k
apache-2.0
20
DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/
dod k3s k8s oci helm sbom airgap cosign docker gitops kustomize government kubernetes cloud-native docker-registry
Created 2021-08-23
2,167 commits to main branch, last one a day ago
openclarity
openclarity openclarity
168
1.4k
apache-2.0
31
OpenClarity is an open source tool built to enhance security and observability of cloud native applications and infrastructure
sbom cloud malware scanner exploits rootkits security kubernetes supply-chain leaked-secrets virtual-machine vulnerabilities
Created 2020-03-22
2,016 commits to main branch, last one a day ago
intel
cve-bin-tool intel
468
1.3k
gpl-3.0
31
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...
cve cvss sbom python swrepo security devsecops sbom-tool system-tools hacktoberfest vulnerability security-tools vulnerabilities security-automation
Created 2019-01-11
2,960 commits to main branch, last one a day ago
XmirrorSecurity
OpenSCA-cli XmirrorSecurity
116
1.1k
apache-2.0
154
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the ...
sca sbom spdx swid security cyclonedx devsecops static-analysis vulnerabilities license-compliance software-supply-chain software-bill-of-materials software-composition-analysis software-supply-chain-security
Created 2021-12-30
990 commits to master branch, last one 2 months ago
owasp-dep-scan
dep-scan owasp-dep-scan
100
1.0k
mit
17
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
cve sca vex sbom cyclonedx devsecops compliance containers risk-audit security-audit security-tools dependency-audit dependency-analysis reachability-analysis supply-chain-security vulnerability-scanners
Created 2020-01-28
390 commits to master branch, last one 17 days ago
tern-tools
tern tern-tools
188
968
bsd-2-clause
32
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-...
sbom spdx tool docker python compliance containers open-source dependencies oss-compliance risk-management metadata-extraction supply-chain-security software-composition-analysis
Created 2017-11-27
1,102 commits to main branch, last one about a year ago
package-url
purl-spec package-url
166
711
other
32
A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
url purl sbom spdx package cyclonedx package-url dependencies package-management
Created 2017-11-11
270 commits to master branch, last one 29 days ago
bitbomdev
minefield bitbomdev
23
694
apache-2.0
69
Graphing SBOM's Fast.
ai llm sbom graph airgap roaring-bitmaps supply-chain-security
Created 2024-06-05
153 commits to main branch, last one a day ago
rust-secure-code
cargo-auditable rust-secure-code
30
686
apache-2.0
20
Make production Rust binaries auditable
rust sbom rust-lang cargo-plugin security-audit security-tools cargo-subcommand security-automation
Created 2019-01-12
777 commits to master branch, last one 27 days ago
ARPSyndicate
puncia ARPSyndicate
30
645
mit
12
The Panthera(P.)uncia of Cybersecurity - Official CLI utility for Subdomain Center & Exploit Observer.
sbom exploit cyclonedx sbom-tool subdomain arpsyndicate vulnerability cyclonedx-sbom
Created 2023-09-10
39 commits to master branch, last one 27 days ago
CycloneDX
cdxgen CycloneDX
163
596
apache-2.0
16
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t...
bom oci sca cbom purl sbom owasp docker saasbom cyclonedx containers package-url supply-chain software-bill-of-materials
Created 2019-12-30
1,436 commits to master branch, last one 4 days ago
devops-kung-fu
bomber devops-kung-fu
45
533
mpl-2.0
10
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
oss epss sbom spdx syft golang gomodule security cyclonedx devsecops supplychain supply-chain security-tools security-automation vulnerability-scanners
Created 2022-07-08
90 commits to main branch, last one about a month ago
awesomeSBOM
awesome-sbom awesomeSBOM
63
491
unknown
17
A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
sbom awesome awesome-sbom awesome-repos sbom-examples sbom-generator software-bill-of-materials
Created 2021-07-30
63 commits to master branch, last one about a month ago
kdeldycke
meta-package-manager kdeldycke
33
477
gpl-2.0
13
🎁 wraps all package managers with a unifying CLI
apt npm pip sbom snap spdx xbar yarn linux macos steam flatpak windows homebrew ruby-gem cyclonedx package-url php-composer mac-app-store package-manager
Created 2016-08-17
4,333 commits to main branch, last one 15 days ago
sandworm-hq
sandworm-audit sandworm-hq
5
471
mit
8
Security & License Compliance For Your App's Dependencies 🪱
cli sbom audit security compliance dependencies supply-chain vulnerability security-tools vulnerabilities d3-visualization license-checking dependencies-tree dependencies-graph license-compliance license-management vulnerability-scanners
Created 2022-10-25
271 commits to main branch, last one about a year ago
microsoft
component-detection microsoft
91
447
mit
18
Scans your project to determine what components you use
sbom dependencies static-analysis package-management software-bill-of-materials software-composition-analysis
Created 2021-11-16
747 commits to main branch, last one 2 days ago
fsfe
reuse-tool fsfe
151
418
unknown
18
reuse is a tool for compliance with the REUSE recommendations.
fsfe sbom spdx reuse linter python analyzer copyright licensing free-software
Created 2019-04-12
2,548 commits to main branch, last one 27 days ago
chainloop-dev
chainloop chainloop-dev
30
378
apache-2.0
11
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
ospo sbom slsa spdx in-toto license security cyclonedx devsecops compliance attestation oss-compliance sbom-discovery slsa-provenance metadata-platform sbom-distribution regulated-industry open-source-licensing supply-chain-security
Created 2023-03-06
1,141 commits to main branch, last one a day ago
CycloneDX
specification CycloneDX
61
372
apache-2.0
26
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and V...
bom cpe vex cbom mbom sbom spdx swid tc54 owasp license saasbom software standard cyclonedx supply-chain specification machine-learning bill-of-materials software-bill-of-materials
Created 2017-05-29
1,042 commits to master branch, last one 9 days ago
xeol-io
xeol xeol-io
21
357
apache-2.0
4
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
eol nist sbom fedramp pci-dss security compliance end-of-life outdated-dep release-policy outdated-packages outdated-libraries
Created 2022-12-23
224 commits to main branch, last one 28 days ago
kubernetes-sigs
bom kubernetes-sigs
50
356
apache-2.0
11
A utility to generate SPDX-compliant Bill of Materials manifests
go bom sbom spdx golang kubernetes
Created 2021-11-19
1,146 commits to main branch, last one a day ago