Search Results - RepositoryStats

1.2k

6.0k

apache-2.0

178

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

ant-task security build-tool maven-plugin gradle-plugin jenkins-plugin security-audit vulnerability-detection software-composition-analysis

Created 2012-09-03

10,030 commits to main branch, last one 3 days ago

retire.js RetireJS

413

3.6k

other

86

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

sbom scanner security sbom-tool build-tool javascript grunt-plugins sbom-generator vulnerabilities chrome-extension firefox-extension insecure-libraries vulnerable-libraries software-composition-analysis

Created 2013-08-30

937 commits to master branch, last one a day ago

dependency-track DependencyTrack

528

2.4k

apache-2.0

69

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Created 2013-07-16

5,006 commits to master branch, last one 15 hours ago

scancode-toolkit nexB

534

2.0k

unknown

73

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nl...

Created 2015-07-01

11,149 commits to develop branch, last one 20 hours ago

murphysec murphysecurity

168

1.6k

apache-2.0

24

An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全，具备专业的软件成分分析（SCA）、漏洞检测、专业漏洞库。

sca scanner codescan security dependency software-supply-chain vulnerability-detection software-composition-analysis

Created 2022-03-16

1,319 commits to v3 branch, last one 5 days ago

lunasec lunasec-io

162

1.4k

other

30

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTra...

Created 2021-03-16

3,454 commits to master branch, last one about a month ago

OpenSCA-cli XmirrorSecurity

118

1.0k

apache-2.0

155

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the ...

sca sbom spdx swid security cyclonedx devsecops static-analysis vulnerabilities license-compliance software-supply-chain software-bill-of-materials software-composition-analysis software-supply-chain-security

Created 2021-12-30

951 commits to master branch, last one 23 hours ago

tern tern-tools

187

948

bsd-2-clause

31

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-...

sbom spdx tool docker python compliance containers open-source dependencies oss-compliance risk-management metadata-extraction supply-chain-security software-composition-analysis

Created 2017-11-27

1,102 commits to main branch, last one 6 months ago

component-detection microsoft

81

395

mit

14

Scans your project to determine what components you use

sbom dependencies static-analysis package-management software-bill-of-materials software-composition-analysis

Created 2021-11-16

679 commits to main branch, last one 3 days ago

sbt-dependency-check albuch

35

264

apache-2.0

11

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:

cve nvd sbt owasp scala appsec devops infosec security devsecops sbt-plugin security-audit static-analysis vulnerabilities software-security security-automation owasp-dependencycheck vulnerability-scanners software-composition-analysis

Created 2016-01-12

625 commits to main branch, last one 7 months ago

awesome-software-supply-chain-security bureado

25

260

unknown

26

A compilation of resources in the software supply chain security domain, with emphasis on open source

sbom devsecops attestation awesome-list cve-scanning dependencies oss-compliance static-analysis package-management reproducible-builds supply-chain-attacks dependency-management software-supply-chain supply-chain-security security-vulnerability vulnerability-scanning vulnerability-management software-composition-analysis software-supply-chain-security

Created 2022-02-20

447 commits to main branch, last one about a year ago

vet safedep

16

190

apache-2.0

6

Tool to achieve policy driven vetting of open source dependencies

security devsecops policy-as-code supply-chain-security software-composition-analysis

Created 2022-12-30

338 commits to main branch, last one 8 days ago

awesome-sca hysnsec

29

94

cc0-1.0

9

A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools, and tutorials.

sca snyk component-analysis practical-devsecops vulnerability-databases software-composition-analysis

Created 2021-05-29

9 commits to main branch, last one about a year ago

scancode.io nexB

83

94

apache-2.0

14

ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabas...

sca purl spdx docker license scancode cyclonedx open-source package-url foss-compliance virtual-machine vulnerabilities software-composition-analysis

Created 2020-09-10

977 commits to main branch, last one 21 hours ago

dependency-track-maven-plugin pmckeown

19

61

apache-2.0

2

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

pom java owasp devsecops bom-upload maven-plugin maven-lifecycle dependency-track security-software component-analysis software-composition-analysis

Created 2019-06-29

221 commits to main branch, last one 7 months ago

OpossumUI opossum-tool

25

56

apache-2.0

2

A light-weight app to audit and inventory large codebases for open source license compliance.

spdx codescan remediation license-scan copyright-scan oss-compliance package-dependency software-bill-of-materials software-composition-analysis

Created 2021-09-21

4,797 commits to main branch, last one 2 days ago

dtrack-audit ozontech

15

47

gpl-3.0

12

OWASP Dependency Track API client for intergration into CI/CD pipeline

security security-tools component-analysis software-composition-analysis

Created 2019-10-11

50 commits to master branch, last one 2 years ago

sbom-workbench scanoss

9

43

other

3

The SCANOSS SBOM Workbench graphical user interface to scan and audit your source code.

sbom license open-source sbom-generator software-composition-analysis

Created 2021-06-10

1,102 commits to main branch, last one a day ago

awesome-software-supply-chain-security meta-fun

3

38

apache-2.0

5

Sharing software supply chain security open source projects

cicd sast sbom devops security kubernetes supply-chain security-tools dependency-analysis software-supply-chain supply-chain-security vulnerability-scanner software-composition-analysis software-supply-chain-security

Created 2022-02-18

18 commits to main branch, last one about a year ago