Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with cyclonedx

A curated list of projects in awesome lists tagged with cyclonedx .

https://github.com/anchore/syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

containers cyclonedx docker go golang hacktoberfest oci sbom spdx static-analysis tool

Last synced: 05 May 2025

https://github.com/dependencytrack/dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

appsec bill-of-materials bom component-analysis cyclonedx devsecops hacktoberfest nvd ossindex owasp package-url purl sbom sca security security-automation software-composition-analysis software-security vulnerabilities vulnerability-detection

Last synced: 28 Apr 2025

https://github.com/DependencyTrack/dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

appsec bill-of-materials bom component-analysis cyclonedx devsecops hacktoberfest nvd ossindex owasp package-url purl sbom sca security security-automation software-composition-analysis software-security vulnerabilities vulnerability-detection

Last synced: 30 Mar 2025

https://github.com/aboutcode-org/scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

copyright copyright-scan cyclonedx dependencies dependency-graph license license-checking license-scan licensing open-source-licensing oss-compliance package-url packages provenance purl sbom sca software-composition-analysis spdx spdx-licenses

Last synced: 08 May 2025

https://github.com/XmirrorSecurity/OpenSCA-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

cyclonedx devsecops license-compliance sbom sca security software-bill-of-materials software-composition-analysis software-supply-chain software-supply-chain-security spdx static-analysis swid vulnerabilities

Last synced: 26 Apr 2025

https://github.com/xmirrorsecurity/opensca-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

cyclonedx devsecops license-compliance sbom sca security software-bill-of-materials software-composition-analysis software-supply-chain software-supply-chain-security spdx static-analysis swid vulnerabilities

Last synced: 13 Apr 2025

https://github.com/owasp-dep-scan/dep-scan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

compliance containers cve cyclonedx dependency-analysis dependency-audit devsecops reachability-analysis risk-audit sbom sca security-audit security-tools supply-chain-security vex vulnerability-scanners

Last synced: 03 Apr 2025

https://github.com/cyclonedx/cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. GPT: https://chatgpt.com/g/g-673bfeb4037481919be8a2cd1bf868d2-cdxgen

bom cbom containers cyclonedx docker oci owasp package-url purl saasbom sbom sca software-bill-of-materials supply-chain

Last synced: 13 Apr 2025

https://github.com/CycloneDX/cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. GPT: https://chatgpt.com/g/g-673bfeb4037481919be8a2cd1bf868d2-cdxgen

bom cbom containers cyclonedx docker oci owasp package-url purl saasbom sbom sca software-bill-of-materials supply-chain

Last synced: 01 Apr 2025

https://github.com/ARPSyndicate/puncia

Panthera(P.)uncia - Official CLI utility for Osprey Vision, Subdomain Center & Exploit Observer.

arpsyndicate cyclonedx cyclonedx-sbom exploit sbom sbom-tool subdomain vulnerability

Last synced: 05 Apr 2025

https://github.com/arpsyndicate/puncia

Panthera(P.)uncia - Official CLI utility for Osprey Vision, Subdomain Center & Exploit Observer.

arpsyndicate cyclonedx cyclonedx-sbom exploit sbom sbom-tool subdomain vulnerability

Last synced: 10 Apr 2025

https://github.com/package-url/purl-spec

A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby

cyclonedx dependencies package package-management package-url purl sbom spdx url

Last synced: 22 Mar 2025

https://github.com/cyclonedx/specification

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX

bill-of-materials bom cbom cpe cyclonedx license machine-learning mbom owasp saasbom sbom software software-bill-of-materials spdx specification standard supply-chain swid tc54 vex

Last synced: 06 Mar 2025

https://github.com/CycloneDX/specification

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX

bill-of-materials bom cbom cpe cyclonedx license machine-learning mbom owasp saasbom sbom software software-bill-of-materials spdx specification standard supply-chain swid tc54 vex

Last synced: 08 May 2025

https://github.com/owasp-dep-scan/blint

BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generator for binaries.

binary cyclonedx depscan fuzzing malware sbom supply-chain-analytics supply-chain-security

Last synced: 07 May 2025

https://github.com/CycloneDX/cyclonedx-cli

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

bill-of-materials bom cyclonedx hacktoberfest mbom obom owasp package-url purl saasbom sbom sbom-generator software-bill-of-materials spdx vex

Last synced: 14 Apr 2025

https://github.com/cyclonedx/cyclonedx-cli

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

bill-of-materials bom cyclonedx hacktoberfest mbom obom owasp package-url purl saasbom sbom sbom-generator software-bill-of-materials spdx vex

Last synced: 08 Apr 2025

https://github.com/cyclonedx/cyclonedx-python

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

bill-of-materials bom conda cyclonedx environment owasp package-url pip poetry purl python python3 requirements sbom sbom-generator sbom-tool software-bill-of-materials spdx

Last synced: 08 Apr 2025

https://github.com/cyclonedx/bom-examples

A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)

bill-of-materials bom cyclonedx mbom obom owasp saasbom sbom sbom-examples software-bill-of-materials vex

Last synced: 06 Mar 2025

https://github.com/CycloneDX/bom-examples

A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)

bill-of-materials bom cyclonedx mbom obom owasp saasbom sbom sbom-examples software-bill-of-materials vex

Last synced: 08 May 2025

https://github.com/snyk/parlay

Enrich SBOMs with data from third party services

cyclonedx sbom sbom-tool snyk

Last synced: 03 Apr 2025

https://github.com/aboutcode-org/scancode.io

ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!

cyclonedx docker foss-compliance license open-source package-url purl sca scancode software-composition-analysis spdx virtual-machine vulnerabilities

Last synced: 15 Apr 2025

https://github.com/cyclonedx/cyclonedx-node-module

creates CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects

bom cyclonedx dependency-graph meta-package metapackage node nodejs sbom sbom-generator sbom-tool software-bill-of-materials

Last synced: 11 Apr 2025

https://github.com/cyclonedx/transparency-exchange-api

A standard API specification for exchanging supply chain artifacts and intelligence

api-spec bill-of-materials bom cyclonedx owasp sbom sbom-distribution software-bill-of-materials specification tc54

Last synced: 07 Apr 2025

https://github.com/patriksvensson/covenant

A tool to generate SBOM (Software Bill of Material) from source code artifacts.

cyclonedx openchain sbom spdx

Last synced: 15 Apr 2025

https://github.com/interlynk-io/sbomasm

SBOM Assembler - A tool to edit SBOM or assemble multiple sboms into a single sbom.

cyclonedx devsecops go golang gomodule oss sbom sbom-generator sbom-tool security spdx

Last synced: 08 May 2025

https://github.com/cyclonedx/cyclonedx-linux-generator

Lockheed Martin developed utility to generate CycloneDX SBOMs for Linux distributions

bill-of-materials bom cyclonedx linux owasp sbom sbom-generator software-bill-of-materials

Last synced: 15 Apr 2025

https://github.com/anthonyharrison/sbomdiff

This tool compares two Software Bill of Materials (SBOMs) and reports the differences.

cyclonedx devsecops sbom sbom-tool spdx tools

Last synced: 06 May 2025

https://github.com/aboutcode-org/dejacode

Automate open source license compliance and ensure software supply chain integrity

cyclonedx foss-compliance license open-source package-url purl sca scancode spdx vulnerabilities

Last synced: 11 Apr 2025

https://github.com/psastras/sbom-rs

A group of Rust projects for interacting with and producing software bill of materials (SBOMs).

bom cargo cyclonedx rust sbom spdx

Last synced: 15 Apr 2025

https://github.com/oss-review-toolkit/ort-ci-github-action

Run ORT in your GitHub action workflow to do licensing, security and best practices checks and generate reports/SBOMs

actions ci cyclonedx github-action github-actions license-checking ospo sbom sbom-generator spdx

Last synced: 15 Apr 2025

https://github.com/siemens/continuous-clearing

The Continuous Clearing Tool scans and collects the 3rd party OSS components used in a NPM/NuGet/Debian/Maven/Python/Conan/Aipine project and uploads it to SW360 and Fossology by accepting respective project ID for license clearing.

alpine conan container cyclonedx docker license-clearing maven npm nuget nuget-package python sbom

Last synced: 12 Apr 2025

https://github.com/lsto/swift-package-sbom

A software bill of materials (SBoM) generator for Swift packages

cyclonedx sbom-generator swift

Last synced: 29 Nov 2024

https://github.com/cyclonedx/cyclonedx-cocoapods

Creates CycloneDX Software Bill-of-Materials (SBOM) from Objective-C and Swift projects that use CocoaPods.

bill-of-materials bom cocoapods cyclonedx mbom objective-c obom owasp saasbom sbom sbom-generator software-bill-of-materials swift vex

Last synced: 05 Apr 2025

https://github.com/cyclonedx/cyclonedx-node-yarn

Create CycloneDX Software Bill of Materials (SBOM) from Node.js Yarn projects.

bill-of-materials bom cyclonedx hacktoberfest node nodejs sbom sbom-generator sbom-tool software-bill-of-materials yarn yarn-plugin

Last synced: 10 Apr 2025

https://github.com/madpah/vexy

Generate VEX (Vulnerability Exploitability Exchange) CycloneDX documents

cyclonedx python vex vulnerability-exchange vulnerability-exploitability

Last synced: 15 Apr 2025

https://github.com/anthonyharrison/sbom4python

A tool to generate a SBOM (Software Bill of Materials) for an installed Python module

cyclonedx devsecops python sbom sbom-generator security spdx

Last synced: 11 Apr 2025

https://github.com/anthonyharrison/distro2sbom

Generates SBOM files from system packaging information

cyclonedx debian devsecops python redhat sbom sbom-generator spdx ubuntu

Last synced: 10 Feb 2025

https://github.com/anthonyharrison/sbom2doc

Transform SBOM contents into a formatted document including markdown and PDF formats

cyclonedx devsecops markdown-generator pdf-generation sbom sbom-tool spdx

Last synced: 19 Dec 2024

https://github.com/cyclonedx/cyclonedx-dotnet-library

.NET library to consume and produce CycloneDX Software Bill of Materials (SBOM)

bill-of-materials bom cyclonedx dotnet dotnet-core mbom nuget obom owasp saasbom sbom software-bill-of-materials vex

Last synced: 04 Apr 2025

https://github.com/cyclonedx/cyclonedx-property-taxonomy

A taxonomy of all official CycloneDX property namespaces and names

cyclonedx registry taxonomy

Last synced: 07 May 2025

https://github.com/morpheuslord/startup-sbom

A tool to reverse engineer and inspect the RPM and APT databases to list all the packages along with executables, service and versions.

apt-packages cyclonedx linux linux-app package-resolver reverse-engineering rpm-packa sbom sbom-tool startup startup-script

Last synced: 23 Jan 2025

https://github.com/cyclonedx/cyclonedx-javascript-library

Core functionality of OWASP CycloneDX for JavaScript (Node.js or WebBrowser) written in TypeScript.

bill-of-materials bom cyclonedx hacktoberfest json library mbom node obom owasp saasbom sbom software-bill-of-materials software-library spdx vdr vex web xml

Last synced: 05 Apr 2025

https://github.com/cyclonedx/cyclonedx-node-pnpm

Create CycloneDX Software Bill of Materials (SBOM) from Node.js PNPM projects.

bill-of-materials bom cyclonedx node nodejs pnpm sbom sbom-generator software-bill-of-materials

Last synced: 15 Apr 2025

https://github.com/cyclonedx/sbom-comparator

Lockheed Martin developed utility to compare two CycloneDX SBOMs

bill-of-materials bom cyclonedx owasp sbom software-bill-of-materials

Last synced: 10 May 2025

https://github.com/devops-kung-fu/trustier

Takes a software bill of materials and outputs provenance, and activity data from trustypkg.dev

cyclonedx provenance sbom trust

Last synced: 30 Jan 2025

https://github.com/anthonyharrison/lib4vex

Library to ingest and generate VEX documents

csaf cyclonedx devsecops library openvex python sbom vex vulnerabilities

Last synced: 11 Apr 2025

https://github.com/thomasvitale/supply-chain-security-java

Samples showing how to secure the supply chain for Java applications.

cyclonedx java sbom sigstore slsa supply-chain-security

Last synced: 15 Mar 2025

https://github.com/cyclonedx/cyclonedx.org

Public website cyclonedx.org

cyclonedx owasp

Last synced: 06 Mar 2025

https://github.com/louib/nix2sbom

nix2sbom extracts the CycloneDX and SPDX SBOM (Software Bill of Materials) from a Nix derivation

cyclonedx github-actions nix nixos purl sbom sbom-generator security software-bill-of-materials spdx supply-chain supply-chain-security

Last synced: 24 Mar 2025

https://github.com/cyclonedx/cyclonedx-authoring-tool

An experimental user interface for manually creating, editing, and viewing CycloneDX SBOMs

authoring-tool bill-of-materials bom cyclonedx mbom node obom owasp package-url purl saasbom sbom software-bill-of-materials spdx vex vue

Last synced: 15 Apr 2025

https://github.com/cyclonedx/sbom-combiner

Lockheed Martin developed utility to combine multiple CycloneDX SBOMs

bill-of-materials bom cyclonedx owasp sbom software-bill-of-materials

Last synced: 10 May 2025

https://github.com/anthonyharrison/sbom-manager

Manage collection of SBOMs (Software Bill of Materials)

cyclonedx devsecops sbom sbom-repository sbom-tool security spdx vulnerabilities

Last synced: 11 Apr 2025

https://github.com/ninoseki/mihama

osv.dev API clone

cyclonedx osv sbom spdx

Last synced: 19 Apr 2025

https://github.com/anthonyharrison/mlbomdoc

Document generator for ML-BOM (ML Bill of Materials)

ai cyclonedx mlbom supply-chain transparency

Last synced: 11 Apr 2025

https://github.com/cyclonedx/cyclonedx-buildroot

Create CycloneDX Software Bill of Materials (SBOM) for Buildroot projects

bill-of-materials bom buildroot cyclonedx sbom sbom-generator sbom-tool software-bill-of-materials

Last synced: 15 Apr 2025

https://github.com/mostafa/practical-cscrm

Practical Cybersecurity Supply Chain Risk Management

c-scrm cyclonedx dependency-track docker nist owasp sbom supply-chain supply-chain-security syft

Last synced: 29 Jan 2025

https://github.com/anthonyharrison/sbom4files

SBOM generator for files within a directory

cyclonedx devsecops sbom sbom-generator sbom-tool spdx tool

Last synced: 11 Apr 2025

https://github.com/anthonyharrison/sbom4rust

SBOM4Rust generates a Software Bill of Materials (SBOM) for a Rust component.

cyclonedx devsecops rust sbom sbom-generator security spdx

Last synced: 11 Apr 2025

https://github.com/anthonyharrison/sbom2dot

Create a dependency graph of the components within a SBOM

cyclonedx graphviz-dot-language sbom sbom-tool spdx

Last synced: 11 Apr 2025

https://github.com/shiftleftcyber/shiftsbom-utils

A pure client side Bitbucket Pipe containing a collection of open source tools to perform various types of additional analysis on a CycloneDX or SPDX sBOM (Software Bill of Materials).

bitbucket bitbucket-pipelines bitbucket-pipes cicd cyclonedx open-source-security oss sbom supply-chain-security

Last synced: 11 Mar 2025