51 results found Sort:

anchore
syft anchore
599
6.5k
apache-2.0
61
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
go oci sbom spdx tool docker golang cyclonedx containers hacktoberfest static-analysis
Created 2020-05-07
2,590 commits to main branch, last one a day ago
aboutcode-org
scancode-toolkit aboutcode-org
576
2.2k
unknown
70
:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nl...
sca purl sbom spdx license packages copyright cyclonedx licensing provenance package-url dependencies license-scan spdx-licenses copyright-scan oss-compliance dependency-graph license-checking open-source-licensing software-composition-analysis
Created 2015-07-01
11,374 commits to develop branch, last one 12 days ago
oss-review-toolkit
ort oss-review-toolkit
317
1.7k
apache-2.0
39
A suite of tools to automate software compliance checks.
cra sca dora ospo sbom spdx license copyright cyclonedx compliance dependencies hacktoberfest oss-compliance sbom-generator package-manager dependency-graph license-management open-source-licensing
Created 2017-10-19
17,306 commits to main branch, last one a day ago
guacsec
guac guacsec
183
1.3k
apache-2.0
43
GUAC aggregates software security metadata into a high fidelity graph database.
vex sbom slsa spdx graph in-toto security cyclonedx spdx-sbom attestations supply-chain vulnerability cyclonedx-sbom software-supply-chain supply-chain-security supply-chain-analytics supply-chain-visibility vulnerability-management software-supply-chain-security
Created 2022-06-10
1,834 commits to main branch, last one a day ago
XmirrorSecurity
OpenSCA-cli XmirrorSecurity
118
1.0k
apache-2.0
107
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the ...
sca sbom spdx swid security cyclonedx devsecops static-analysis vulnerabilities license-compliance software-supply-chain software-bill-of-materials software-composition-analysis software-supply-chain-security
Created 2021-12-30
999 commits to master branch, last one 5 days ago
tern-tools
tern tern-tools
186
973
bsd-2-clause
32
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-...
sbom spdx tool docker python compliance containers open-source dependencies oss-compliance risk-management metadata-extraction supply-chain-security software-composition-analysis
Created 2017-11-27
1,102 commits to main branch, last one about a year ago
fossology
fossology fossology
439
828
gpl-2.0
63
FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and we...
oss spdx license fossology compliance license-scan spdx-licenses compliance-check license-checking license-management compliance-automation
Created 2014-01-13
9,917 commits to master branch, last one 5 days ago
package-url
purl-spec package-url
168
728
other
33
A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
url purl sbom spdx package cyclonedx package-url dependencies package-management
Created 2017-11-11
272 commits to master branch, last one 4 days ago
EmbarkStudios
cargo-about EmbarkStudios
33
562
apache-2.0
5
📜 Cargo plugin to generate list of all licenses for a crate 🦀
rust spdx cargo licensing rust-lang cargo-plugin hacktoberfest license-checking
Created 2019-11-01
203 commits to main branch, last one 2 months ago
devops-kung-fu
bomber devops-kung-fu
44
538
mpl-2.0
10
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
oss epss sbom spdx syft golang gomodule security cyclonedx devsecops supplychain supply-chain security-tools security-automation vulnerability-scanners
Created 2022-07-08
90 commits to main branch, last one 2 months ago
spdx
license-list-data spdx
152
529
unknown
41
Various data formats for the SPDX License List including RDFa, HTML, Text, and JSON
json rdfa spdx licenses licensing html-format
Created 2016-04-15
692 commits to main branch, last one 27 days ago
kdeldycke
meta-package-manager kdeldycke
36
490
gpl-2.0
12
🎁 wraps all package managers with a unifying CLI
apt npm pip sbom snap spdx xbar yarn linux macos steam flatpak windows homebrew ruby-gem cyclonedx package-url php-composer mac-app-store package-manager
Created 2016-08-17
4,340 commits to main branch, last one 24 days ago
fsfe
reuse-tool fsfe
155
437
unknown
17
reuse is a tool for compliance with the REUSE recommendations.
fsfe sbom spdx reuse linter python analyzer copyright licensing free-software
Created 2019-04-12
2,549 commits to main branch, last one 18 days ago
chainloop-dev
chainloop chainloop-dev
32
380
apache-2.0
11
Evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, etc. With Chainloop, Security and Compliance teams can define policies, what evicence to receive and where to...
ospo sbom slsa spdx in-toto license security cyclonedx devsecops compliance attestation oss-compliance sbom-discovery slsa-provenance metadata-platform sbom-distribution regulated-industry open-source-licensing supply-chain-security
Created 2023-03-06
1,205 commits to main branch, last one a day ago
CycloneDX
specification CycloneDX
62
377
apache-2.0
27
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and V...
bom cpe vex cbom mbom sbom spdx swid tc54 owasp license saasbom software standard cyclonedx supply-chain specification machine-learning bill-of-materials software-bill-of-materials
Created 2017-05-29
1,059 commits to master branch, last one 12 days ago
kubernetes-sigs
bom kubernetes-sigs
52
364
apache-2.0
12
A utility to generate SPDX-compliant Bill of Materials manifests
go bom sbom spdx golang kubernetes
Created 2021-11-19
1,160 commits to main branch, last one 2 days ago
CycloneDX
cyclonedx-cli CycloneDX
63
328
apache-2.0
15
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
bom vex mbom obom purl sbom spdx owasp saasbom cyclonedx package-url hacktoberfest sbom-generator bill-of-materials software-bill-of-materials
Created 2020-10-22
416 commits to main branch, last one 2 months ago
CycloneDX
cyclonedx-maven-plugin CycloneDX
86
306
apache-2.0
13
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
bom vex mbom obom purl sbom spdx maven owasp saasbom cyclonedx package-url maven-plugin sbom-generator bill-of-materials software-bill-of-materials
Created 2017-06-04
759 commits to master branch, last one 2 months ago
spdx
spdx-spec spdx
143
304
other
34
The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.
sbom spdx licenses spdx-sbom specification linux-foundation bill-of-materials software-transparency software-bill-of-materials software-package-data-exchange
Created 2017-05-10
1,072 commits to develop branch, last one 8 days ago
CycloneDX
cyclonedx-python CycloneDX
69
266
apache-2.0
12
CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments
bom pip purl sbom spdx conda owasp poetry python python3 cyclonedx sbom-tool environment package-url requirements hacktoberfest sbom-generator bill-of-materials software-bill-of-materials
Created 2018-11-15
689 commits to main branch, last one 7 days ago
src-d
go-license-detector src-d
39
236
other
11
Reliable project licenses detector.
spdx license-scan spdx-license spdx-licenses license-management
Created 2018-01-30
169 commits to master branch, last one 4 years ago
spdx
tools-python spdx
135
200
apache-2.0
25
A Python library to parse, validate and create SPDX documents.
rdf spdx python parsing licensing
Created 2015-03-23
1,387 commits to main branch, last one 4 months ago
CycloneDX
cyclonedx-dotnet CycloneDX
93
198
apache-2.0
13
Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects
bom vex mbom obom purl sbom spdx owasp dotnet saasbom cyclonedx dotnet-core package-url hacktoberfest sbom-generator bill-of-materials software-bill-of-materials
Created 2018-10-02
948 commits to master branch, last one 6 days ago
raftario
licensor raftario
12
197
mit
7
write licenses to stdout
cli spdx license licensing
Created 2019-09-19
98 commits to master branch, last one 2 years ago
interlynk-io
sbomqs interlynk-io
20
192
apache-2.0
7
SBOM quality score - Quality metrics for your sboms
go sbom spdx golang cyclonedx sbom-tool sbom-score sbom-quality sbom-samples sbom-examples security-tools devsecops-pipeline supply-chain-security
Created 2023-01-31
622 commits to main branch, last one 19 days ago
CycloneDX
cyclonedx-gradle-plugin CycloneDX
79
167
apache-2.0
11
Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
bom purl sbom spdx owasp gradle cyclonedx package-url gradle-plugin sbom-generator bill-of-materials software-bill-of-materials
Created 2018-05-30
650 commits to master branch, last one 17 days ago
spdx
tools spdx
70
132
apache-2.0
18
SPDX Tools
spdx license-management
Created 2015-03-23
1,015 commits to master branch, last one 2 years ago
boyter
lc boyter
17
130
agpl-3.0
8
licensechecker (lc) a command line application which scans directories and identifies what software license things are under producing reports as either SPDX, CSV, JSON, XLSX or CLI Tabular output. Du...
go cli spdx golang license classifier commandline licensechecker command-line-tool license-management open-source-licensing
Created 2018-01-22
395 commits to master branch, last one 7 months ago
aboutcode-org
scancode.io aboutcode-org
95
125
apache-2.0
13
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabas...
sca purl spdx docker license scancode cyclonedx open-source package-url foss-compliance virtual-machine vulnerabilities software-composition-analysis
Created 2020-09-10
1,101 commits to main branch, last one 5 days ago
CycloneDX
cyclonedx-rust-cargo CycloneDX
47
112
apache-2.0
10
Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects
bom vex mbom obom purl rust sbom spdx cargo owasp saasbom cyclonedx package-url cargo-plugin sbom-generator bill-of-materials software-bill-of-materials
Created 2019-05-21
1,209 commits to main branch, last one 28 days ago