24 results found
Primary language breakdown:
- Python (6)
- Go (4)
- Java (3)
- TypeScript (3)
- JavaScript (2)
- Kotlin (1)
- C# (1)
- Scala (1)
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Created
2012-09-03
10,568 commits to main branch, last one a day ago
Scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
Created
2013-08-30
1,006 commits to master branch, last one about a month ago
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Created
2013-07-16
6,000 commits to master branch, last one 2 days ago
:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nl...
Created
2015-07-01
11,510 commits to develop branch, last one 4 days ago
An open source tool focused on software supply chain security. 墨菲安全 focuses on software supply chain security, offering professional software composition analysis (SCA), vulnerability detection, and a professional vulnerability database.
Created
2022-03-16
1,546 commits to v3 branch, last one 4 days ago
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTra...
Created
2021-03-16
3,454 commits to master branch, last one 11 months ago
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the ...
Created
2021-12-30
1,007 commits to master branch, last one 7 days ago
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-...
Created
2017-11-27
1,102 commits to main branch, last one about a year ago
Scans your project to determine what components you use
Created
2021-11-16
773 commits to main branch, last one 10 days ago
🚀 Policy driven vetting of open source packages with malicious code analysis
Created
2022-12-30
569 commits to main branch, last one 9 days ago
A compilation of resources in the software supply chain security domain, with emphasis on open source
Topics: sbom, devsecops, attestation, awesome-list, cve-scanning, dependencies, oss-compliance, static-analysis, package-management, reproducible-builds, supply-chain-attacks, dependency-management, software-supply-chain, supply-chain-security, security-vulnerability, vulnerability-scanning, vulnerability-management, software-composition-analysis, software-supply-chain-security
Created
2022-02-20
447 commits to main branch, last one about a year ago
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:
Created
2016-01-12
625 commits to main branch, last one about a year ago
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabas...
Created
2020-09-10
1,145 commits to main branch, last one 4 days ago
A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools, and tutorials.
Created
2021-05-29
14 commits to main branch, last one 4 months ago
Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.
Created
2019-06-29
241 commits to main branch, last one 18 days ago
A light-weight app to audit and inventory large codebases for open source license compliance.
Created
2021-09-21
6,037 commits to main branch, last one 13 hours ago
♾️ Collection of DevSecOps Notes + Resources + Courses + Tools
Created
2023-11-14
116 commits to main branch, last one 3 months ago
OWASP Dependency Track API client for integration into CI/CD pipelines
Created
2019-10-11
50 commits to master branch, last one 3 years ago
The SCANOSS SBOM Workbench graphical user interface to scan and audit your source code.
Created
2021-06-10
1,174 commits to main branch, last one 18 days ago
Sharing software supply chain security open source projects
Created
2022-02-18
18 commits to main branch, last one 2 years ago
This repository contains the container image scanning tool ORCA
Created
2024-11-05
19 commits to main branch, last one 13 days ago
A scalable server implementation of the OSS Review Toolkit.
Created
2024-02-20
5,105 commits to main branch, last one 13 hours ago
Damn Vulnerable SCA Application
Created
2024-02-09
94 commits to main branch, last one 7 months ago
Modular framework for file information extraction and dependency analysis to generate accurate SBOMs
Created
2023-06-27
571 commits to main branch, last one 5 days ago