22 results found Sort:

jeremylong
DependencyCheck jeremylong
1.3k
6.6k
apache-2.0
180
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
ant-task security build-tool maven-plugin gradle-plugin jenkins-plugin security-audit vulnerability-detection software-composition-analysis
Created 2012-09-03
10,342 commits to main branch, last one a day ago
RetireJS
retire.js RetireJS
423
3.7k
other
83
scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
sbom scanner security sbom-tool build-tool javascript grunt-plugins sbom-generator vulnerabilities chrome-extension firefox-extension insecure-libraries vulnerable-libraries software-composition-analysis
Created 2013-08-30
1,000 commits to master branch, last one 9 days ago
DependencyTrack
dependency-track DependencyTrack
583
2.7k
apache-2.0
69
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
bom nvd sca purl sbom owasp appsec ossindex security cyclonedx devsecops package-url hacktoberfest vulnerabilities bill-of-materials software-security component-analysis security-automation vulnerability-detection software-composition-analysis
Created 2013-07-16
5,682 commits to master branch, last one 2 days ago
aboutcode-org
scancode-toolkit aboutcode-org
560
2.2k
unknown
71
:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nl...
sca purl sbom spdx license packages copyright cyclonedx licensing provenance package-url dependencies license-scan spdx-licenses copyright-scan oss-compliance dependency-graph license-checking open-source-licensing software-composition-analysis
Created 2015-07-01
11,326 commits to develop branch, last one 16 days ago
murphysecurity
murphysec murphysecurity
174
1.7k
apache-2.0
26
An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全,具备专业的软件成分分析(SCA)、漏洞检测、专业漏洞库。
sca scanner codescan security dependency software-supply-chain vulnerability-detection software-composition-analysis
Created 2022-03-16
1,449 commits to v3 branch, last one 2 days ago
lunasec-io
lunasec lunasec-io
168
1.4k
other
29
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTra...
gdpr sbom soc2 pci-dss scanning security devsecops log4shell compliance zero-trust cve-scanning tokenization web-security cybersecurity scanning-tool sbom-generator security-tools continuous-delivery dependency-analysis software-composition-analysis
Created 2021-03-16
3,454 commits to master branch, last one 7 months ago
XmirrorSecurity
OpenSCA-cli XmirrorSecurity
116
1.1k
apache-2.0
154
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the ...
sca sbom spdx swid security cyclonedx devsecops static-analysis vulnerabilities license-compliance software-supply-chain software-bill-of-materials software-composition-analysis software-supply-chain-security
Created 2021-12-30
990 commits to master branch, last one 2 months ago
tern-tools
tern tern-tools
188
968
bsd-2-clause
32
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-...
sbom spdx tool docker python compliance containers open-source dependencies oss-compliance risk-management metadata-extraction supply-chain-security software-composition-analysis
Created 2017-11-27
1,102 commits to main branch, last one about a year ago
microsoft
component-detection microsoft
91
447
mit
18
Scans your project to determine what components you use
sbom dependencies static-analysis package-management software-bill-of-materials software-composition-analysis
Created 2021-11-16
747 commits to main branch, last one 2 days ago
bureado
awesome-software-supply-chain-security bureado
27
297
unknown
25
A compilation of resources in the software supply chain security domain, with emphasis on open source
sbom devsecops attestation awesome-list cve-scanning dependencies oss-compliance static-analysis package-management reproducible-builds supply-chain-attacks dependency-management software-supply-chain supply-chain-security security-vulnerability vulnerability-scanning vulnerability-management software-composition-analysis software-supply-chain-security
Created 2022-02-20
447 commits to main branch, last one about a year ago
albuch
sbt-dependency-check albuch
35
265
apache-2.0
11
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:
cve nvd sbt owasp scala appsec devops infosec security devsecops sbt-plugin security-audit static-analysis vulnerabilities software-security security-automation owasp-dependencycheck vulnerability-scanners software-composition-analysis
Created 2016-01-12
625 commits to main branch, last one about a year ago
safedep
vet safedep
24
244
apache-2.0
9
Tool to achieve policy driven vetting of open source dependencies
security devsecops policy-as-code supply-chain-security software-composition-analysis
Created 2022-12-30
493 commits to main branch, last one 2 days ago
aboutcode-org
scancode.io aboutcode-org
91
121
apache-2.0
14
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabas...
sca purl spdx docker license scancode cyclonedx open-source package-url foss-compliance virtual-machine vulnerabilities software-composition-analysis
Created 2020-09-10
1,063 commits to main branch, last one 3 days ago
hysnsec
awesome-sca hysnsec
29
98
cc0-1.0
9
A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools, and tutorials.
sca snyk component-analysis practical-devsecops vulnerability-databases software-composition-analysis
Created 2021-05-29
14 commits to main branch, last one 25 days ago
pmckeown
dependency-track-maven-plugin pmckeown
23
65
apache-2.0
2
Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.
pom java owasp devsecops bom-upload maven-plugin maven-lifecycle dependency-track security-software component-analysis software-composition-analysis
Created 2019-06-29
235 commits to main branch, last one 7 days ago
opossum-tool
OpossumUI opossum-tool
27
60
apache-2.0
2
A light-weight app to audit and inventory large codebases for open source license compliance.
spdx codescan remediation license-scan copyright-scan oss-compliance package-dependency software-bill-of-materials software-composition-analysis
Created 2021-09-21
5,247 commits to main branch, last one a day ago
nxenon
DevSecOps nxenon
4
57
unknown
3
♾️ Collection of DevSecOps Notes + Resources + Courses + Tools
iast sast sbom sdlc devsecops defectdojo threat-model secure-coding devsecops-notes threat-modeling dependency-track secret-management secure-development devsecops-resources devsecops-best-practices software-bill-of-material software-composition-analysis static-analysis-security-testing
Created 2023-11-14
113 commits to main branch, last one 19 days ago
ozontech
dtrack-audit ozontech
16
51
gpl-3.0
12
OWASP Dependency Track API client for intergration into CI/CD pipeline
security security-tools component-analysis software-composition-analysis
Created 2019-10-11
50 commits to master branch, last one 2 years ago
scanoss
sbom-workbench scanoss
10
47
other
4
The SCANOSS SBOM Workbench graphical user interface to scan and audit your source code.
sbom license open-source sbom-generator software-composition-analysis
Created 2021-06-10
1,148 commits to main branch, last one 24 days ago
meta-fun
awesome-software-supply-chain-security meta-fun
3
41
apache-2.0
5
Sharing software supply chain security open source projects
cicd sast sbom devops security kubernetes supply-chain security-tools dependency-analysis software-supply-chain supply-chain-security vulnerability-scanner software-composition-analysis software-supply-chain-security
Created 2022-02-18
18 commits to main branch, last one 2 years ago
harekrishnarai
Damn-vulnerable-sca harekrishnarai
16
29
unknown
3
Damn Vulnerable SCA Application
sca sast scagoat product-security application-security supply-chain-security software-composition-analysis software-supply-chain-security
Created 2024-02-09
94 commits to main branch, last one 3 months ago
LLNL
Surfactant LLNL
16
25
mit
6
Modular framework for file information extraction and dependency analysis to generate accurate SBOMs
sbom spdx tool python python3 cyclonedx dependencies hacktoberfest sbom-generator static-analysis dependency-graph dependency-analysis software-bill-of-materials software-composition-analysis
Created 2023-06-27
505 commits to main branch, last one a day ago