Search Results - RepositoryStats

syft anchore

524

5.7k

apache-2.0

61

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

go oci sbom spdx tool docker golang cyclonedx containers hacktoberfest static-analysis

Created 2020-05-07

2,194 commits to main branch, last one 20 hours ago

scancode-toolkit nexB

534

2.0k

unknown

73

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nl...

Created 2015-07-01

11,146 commits to develop branch, last one 20 hours ago

ort oss-review-toolkit

298

1.5k

apache-2.0

41

A suite of tools to automate software compliance checks.

Created 2017-10-19

15,687 commits to main branch, last one 21 hours ago

OpenSCA-cli XmirrorSecurity

118

1.0k

apache-2.0

155

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the ...

sca sbom spdx swid security cyclonedx devsecops static-analysis vulnerabilities license-compliance software-supply-chain software-bill-of-materials software-composition-analysis software-supply-chain-security

Created 2021-12-30

949 commits to master branch, last one 15 days ago

tern tern-tools

187

947

bsd-2-clause

31

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-...

sbom spdx tool docker python compliance containers open-source dependencies oss-compliance risk-management metadata-extraction supply-chain-security software-composition-analysis

Created 2017-11-27

1,102 commits to main branch, last one 6 months ago

fossology fossology

399

765

gpl-2.0

63

FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and we...

oss spdx license fossology compliance license-scan spdx-licenses compliance-check license-checking license-management compliance-automation

Created 2014-01-13

9,740 commits to master branch, last one a day ago

purl-spec package-url

147

638

other

32

A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby

url purl sbom spdx package cyclonedx package-url dependencies package-management

Created 2017-11-11

204 commits to master branch, last one 2 months ago

cargo-about EmbarkStudios

29

495

apache-2.0

5

📜 Cargo plugin to generate list of all licenses for a crate 🦀

rust spdx cargo licensing rust-lang cargo-plugin hacktoberfest license-checking

Created 2019-11-01

184 commits to main branch, last one 26 days ago

license-list-data spdx

141

481

unknown

33

Various data formats for the SPDX License List including RDFa, HTML, Text, and JSON

json rdfa spdx licenses licensing html-format

Created 2016-04-15

644 commits to main branch, last one about a month ago

bomber devops-kung-fu

42

469

mpl-2.0

8

Scans Software Bill of Materials (SBOMs) for security vulnerabilities

oss sbom spdx syft golang gomodule security cyclonedx devsecops supplychain supply-chain security-tools security-automation vulnerability-scanners

Created 2022-07-08

80 commits to main branch, last one 3 months ago

reuse-tool fsfe

136

360

unknown

21

reuse is a tool for compliance with the REUSE recommendations.

fsfe sbom spdx reuse linter python analyzer copyright licensing free-software

Created 2019-04-12

2,258 commits to main branch, last one 7 days ago

specification CycloneDX

57

335

apache-2.0

28

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and V...

Created 2017-05-29

983 commits to master branch, last one 19 hours ago

chainloop chainloop-dev

25

328

apache-2.0

9

Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

ospo sbom slsa spdx in-toto license security cyclonedx devsecops compliance attestation oss-compliance sbom-discovery slsa-provenance metadata-platform sbom-distribution regulated-industry open-source-licensing supply-chain-security

Created 2023-03-06

662 commits to main branch, last one 14 hours ago

bom kubernetes-sigs

44

312

apache-2.0

11

A utility to generate SPDX-compliant Bill of Materials manifests

go bom sbom spdx golang kubernetes

Created 2021-11-19

1,057 commits to main branch, last one about a month ago

cyclonedx-maven-plugin CycloneDX

84

276

apache-2.0

15

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

bom vex mbom obom purl sbom spdx maven owasp saasbom cyclonedx package-url maven-plugin sbom-generator bill-of-materials software-bill-of-materials

Created 2017-06-04

718 commits to master branch, last one 6 days ago

spdx-spec spdx

133

274

other

34

The SPDX specification in MarkDown and HTML formats.

spdx licenses specification linux-foundation software-package-data-exchange

Created 2017-05-10

668 commits to development/v3.0.1 branch, last one 15 days ago

cyclonedx-cli CycloneDX

59

272

apache-2.0

16

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

bom vex mbom obom purl sbom spdx owasp saasbom cyclonedx package-url hacktoberfest sbom-generator bill-of-materials software-bill-of-materials

Created 2020-10-22

403 commits to main branch, last one about a month ago

go-license-detector src-d

39

234

other

11

Reliable project licenses detector.

spdx license-scan spdx-license spdx-licenses license-management

Created 2018-01-30

169 commits to master branch, last one 4 years ago

cyclonedx-python CycloneDX

63

222

apache-2.0

14

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

bom pip purl sbom spdx conda owasp poetry python python3 cyclonedx sbom-tool environment package-url requirements sbom-generator bill-of-materials software-bill-of-materials

Created 2018-11-15

625 commits to main branch, last one 5 days ago

licensor raftario

11

194

mit

7

write licenses to stdout

cli spdx license licensing

Created 2019-09-19

98 commits to master branch, last one about a year ago

tools-python spdx

127

168

apache-2.0

24

A Python library to parse, validate and create SPDX documents.

rdf spdx python parsing licensing

Created 2015-03-23

1,379 commits to main branch, last one 2 months ago

cyclonedx-dotnet CycloneDX

78

167

apache-2.0

13

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

bom vex mbom obom purl sbom spdx owasp dotnet saasbom cyclonedx dotnet-core package-url hacktoberfest sbom-generator bill-of-materials software-bill-of-materials

Created 2018-10-02

937 commits to master branch, last one 20 days ago

sbomqs interlynk-io

19

145

apache-2.0

5

SBOM quality score - Quality metrics for your sboms

go sbom spdx golang cyclonedx sbom-tool sbom-score sbom-quality sbom-samples sbom-examples security-tools devsecops-pipeline supply-chain-security

Created 2023-01-31

375 commits to main branch, last one a day ago

cyclonedx-gradle-plugin CycloneDX

72

144

apache-2.0

11

Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects

bom purl sbom spdx owasp gradle cyclonedx package-url gradle-plugin sbom-generator bill-of-materials software-bill-of-materials

Created 2018-05-30

451 commits to master branch, last one 2 months ago

tools spdx

68

123

apache-2.0

18

SPDX Tools

spdx license-management

Created 2015-03-23

1,015 commits to master branch, last one about a year ago

lc boyter

17

121

agpl-3.0

8

licensechecker (lc) a command line application which scans directories and identifies what software license things are under producing reports as either SPDX, CSV, JSON, XLSX or CLI Tabular output. Du...

go cli spdx golang license classifier commandline licensechecker command-line-tool license-management open-source-licensing

Created 2018-01-22

395 commits to master branch, last one 8 days ago

scancode.io nexB

83

94

apache-2.0

14

ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabas...

sca purl spdx docker license scancode cyclonedx open-source package-url foss-compliance virtual-machine vulnerabilities software-composition-analysis

Created 2020-09-10

976 commits to main branch, last one 19 hours ago

spdx-license-list sindresorhus

16

87

cc0-1.0

9

List of SPDX licenses

json list spdx nodejs javascript spdx-licenses

Created 2014-08-05

63 commits to main branch, last one 4 months ago

packer-cli yohangz

3

86

mit

3

:boom: Full-fledged CLI tool to generate and package node modules compliant with Browser and NodeJS. Packer CLI support all modern style, unit test and script transpiler tools

Created 2018-09-18

531 commits to master branch, last one 4 years ago

cyclonedx-rust-cargo CycloneDX

39

79

apache-2.0

10

Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects

bom vex mbom obom purl rust sbom spdx cargo owasp saasbom cyclonedx package-url cargo-plugin sbom-generator bill-of-materials software-bill-of-materials

Created 2019-05-21

1,129 commits to main branch, last one a day ago