72 results found Sort:

anchore
syft anchore
511
5.6k
apache-2.0
58
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
go oci sbom spdx tool docker golang cyclonedx containers hacktoberfest static-analysis
Created 2020-05-07
2,138 commits to main branch, last one 18 hours ago
RetireJS
retire.js RetireJS
412
3.6k
other
86
scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
sbom scanner security sbom-tool build-tool javascript grunt-plugins sbom-generator vulnerabilities chrome-extension firefox-extension insecure-libraries vulnerable-libraries software-composition-analysis
Created 2013-08-30
927 commits to master branch, last one 3 days ago
DependencyTrack
dependency-track DependencyTrack
517
2.4k
apache-2.0
69
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
bom nvd sca purl sbom owasp appsec vulndb ossindex security cyclonedx devsecops package-url vulnerabilities bill-of-materials software-security component-analysis security-automation vulnerability-detection software-composition-analysis
Created 2013-07-16
4,910 commits to master branch, last one 2 days ago
nexB
scancode-toolkit nexB
532
2k
unknown
73
:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nl...
sca purl sbom spdx license packages copyright cyclonedx licensing provenance package-url dependencies license-scan spdx-licenses copyright-scan oss-compliance dependency-graph license-checking open-source-licensing software-composition-analysis
Created 2015-07-01
11,071 commits to develop branch, last one 25 days ago
HummerRisk
HummerRisk HummerRisk
288
1.8k
gpl-3.0
111
HummerRisk 是云原生安全平台,包括混合云安全治理和云原生安全检测。
cspm sbom trivy prowler security compliance cloud-native k8s-security vulnerability cloud-custodian compliance-as-code kubernetes-security cloud-native-security
Created 2022-06-03
3,116 commits to master branch, last one 7 months ago
oss-review-toolkit
ort oss-review-toolkit
294
1.5k
apache-2.0
41
A suite of tools to automate software compliance checks.
sca ospo sbom spdx license copyright cyclonedx compliance dependencies license-scan package-scan hacktoberfest copyright-scan oss-compliance sbom-generator package-manager dependency-graph license-checking license-management open-source-licensing
Created 2017-10-19
15,579 commits to main branch, last one a day ago
microsoft
sbom-tool microsoft
121
1.5k
mit
23
The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
sbom sbom-generator
Created 2022-06-01
251 commits to main branch, last one 9 days ago
lunasec-io
lunasec lunasec-io
162
1.4k
other
30
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTra...
gdpr sbom soc2 pci-dss scanning security devsecops log4shell compliance zero-trust cve-scanning tokenization web-security cybersecurity scanning-tool sbom-generator security-tools continuous-delivery dependency-analysis software-composition-analysis
Created 2021-03-16
3,454 commits to master branch, last one about a month ago
openclarity
kubeclarity openclarity
157
1.3k
apache-2.0
29
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
sbom scanner security kubernetes supply-chain vulnerabilities kubernetes-security effortless-integrations
Created 2020-03-22
348 commits to main branch, last one 4 months ago
defenseunicorns
zarf defenseunicorns
144
1.2k
apache-2.0
18
DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/
dod k3s k8s oci helm sbom airgap cosign docker gitops kustomize government kubernetes cloud-native docker-registry
Created 2021-08-23
1,685 commits to main branch, last one 17 hours ago
intel
cve-bin-tool intel
439
1.1k
gpl-3.0
27
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...
cve cvss sbom python swrepo security devsecops sbom-tool system-tools hacktoberfest vulnerability security-tools vulnerabilities security-automation
Created 2019-01-11
2,617 commits to main branch, last one a day ago
XmirrorSecurity
OpenSCA-cli XmirrorSecurity
115
1.0k
apache-2.0
155
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the ...
sca sbom spdx swid security cyclonedx devsecops static-analysis vulnerabilities license-compliance software-supply-chain software-bill-of-materials software-composition-analysis software-supply-chain-security
Created 2021-12-30
939 commits to master branch, last one 2 days ago
tern-tools
tern tern-tools
187
942
bsd-2-clause
31
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-...
sbom spdx tool docker python compliance containers open-source dependencies oss-compliance risk-management metadata-extraction supply-chain-security software-composition-analysis
Created 2017-11-27
1,102 commits to main branch, last one 5 months ago
owasp-dep-scan
dep-scan owasp-dep-scan
88
890
mit
14
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
cve sca vex sbom cyclonedx devsecops compliance containers risk-audit security-audit security-tools dependency-audit dependency-analysis reachability-analysis supply-chain-security vulnerability-scanners
Created 2020-01-28
351 commits to master branch, last one 21 days ago
package-url
purl-spec package-url
144
626
other
32
A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
url purl sbom spdx package cyclonedx package-url dependencies package-management
Created 2017-11-11
204 commits to master branch, last one about a month ago
rust-secure-code
cargo-auditable rust-secure-code
25
581
apache-2.0
17
Make production Rust binaries auditable
rust sbom rust-lang cargo-plugin security-audit security-tools cargo-subcommand security-automation
Created 2019-01-12
723 commits to master branch, last one 7 days ago
CycloneDX
cdxgen CycloneDX
137
475
apache-2.0
13
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t...
bom oci sca cbom purl sbom owasp docker saasbom cyclonedx containers package-url supply-chain software-bill-of-materials
Created 2019-12-30
1,190 commits to master branch, last one a day ago
sandworm-hq
sandworm-audit sandworm-hq
5
466
mit
8
Security & License Compliance For Your App's Dependencies 🪱
cli sbom audit security compliance dependencies supply-chain vulnerability security-tools vulnerabilities d3-visualization license-checking dependencies-tree dependencies-graph license-compliance license-management vulnerability-scanners
Created 2022-10-25
271 commits to main branch, last one 7 months ago
devops-kung-fu
bomber devops-kung-fu
39
462
mpl-2.0
8
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
oss sbom spdx syft golang gomodule security cyclonedx devsecops supplychain supply-chain security-tools security-automation vulnerability-scanners
Created 2022-07-08
80 commits to main branch, last one 3 months ago
kdeldycke
meta-package-manager kdeldycke
33
443
gpl-2.0
11
🎁 wraps all package managers with a unifying CLI
apt npm pip sbom snap xbar yarn linux macos steam pacman flatpak portage windows homebrew ruby-gem package-url php-composer mac-app-store package-manager
Created 2016-08-17
4,057 commits to main branch, last one 20 hours ago
awesomeSBOM
awesome-sbom awesomeSBOM
57
432
unknown
17
A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
sbom awesome awesome-sbom awesome-repos sbom-examples sbom-generator software-bill-of-materials
Created 2021-07-30
54 commits to master branch, last one 5 months ago
microsoft
component-detection microsoft
81
385
mit
12
Scans your project to determine what components you use
sbom dependencies static-analysis package-management software-bill-of-materials software-composition-analysis
Created 2021-11-16
648 commits to main branch, last one 2 days ago
fsfe
reuse-tool fsfe
135
357
unknown
21
reuse is a tool for compliance with the REUSE recommendations.
fsfe sbom spdx reuse linter python analyzer copyright licensing free-software
Created 2019-04-12
2,236 commits to main branch, last one 3 days ago
xeol-io
xeol xeol-io
18
329
apache-2.0
5
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
eol nist sbom fedramp pci-dss security compliance end-of-life outdated-dep release-policy outdated-packages outdated-libraries
Created 2022-12-23
213 commits to main branch, last one about a month ago
CycloneDX
specification CycloneDX
56
328
apache-2.0
28
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and V...
bom cpe vex cbom mbom sbom spdx swid owasp license saasbom software standard cyclonedx supply-chain specification machine-learning bill-of-materials software-security software-bill-of-materials
Created 2017-05-29
946 commits to master branch, last one 20 hours ago
chainloop-dev
chainloop chainloop-dev
24
319
apache-2.0
8
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
ospo sbom slsa spdx in-toto license security cyclonedx devsecops compliance attestation oss-compliance sbom-discovery slsa-provenance metadata-platform sbom-distribution regulated-industry open-source-licensing supply-chain-security
Created 2023-03-06
548 commits to main branch, last one a day ago
trailofbits
it-depends trailofbits
20
319
lgpl-3.0
25
A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.
sbom hacktoberfest sbom-generator dependency-graph hacktoberfest2021 dependency-analysis vulnerability-scanner
Created 2021-01-28
379 commits to master branch, last one 2 months ago
kubernetes-sigs
bom kubernetes-sigs
43
305
apache-2.0
11
A utility to generate SPDX-compliant Bill of Materials manifests
go bom sbom spdx golang kubernetes
Created 2021-11-19
1,057 commits to main branch, last one 12 days ago
owasp-dep-scan
blint owasp-dep-scan
27
290
mit
7
BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generator for binaries.
sbom binary depscan fuzzing malware cyclonedx supply-chain-security supply-chain-analytics
Created 2023-01-21
227 commits to main branch, last one 3 days ago
CycloneDX
cyclonedx-maven-plugin CycloneDX
83
275
apache-2.0
14
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
bom vex mbom obom purl sbom spdx maven owasp saasbom cyclonedx package-url maven-plugin sbom-generator bill-of-materials software-bill-of-materials
Created 2017-06-04
712 commits to master branch, last one a day ago