Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


Projects in Awesome Lists tagged with sbom

A curated list of projects in awesome lists tagged with sbom .

https://github.com/anchore/syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

containers cyclonedx docker go golang hacktoberfest oci sbom spdx static-analysis tool

Last synced: 29 Sep 2024

https://github.com/RetireJS/retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

build-tool chrome-extension firefox-extension grunt-plugins insecure-libraries javascript sbom sbom-generator sbom-tool scanner security software-composition-analysis vulnerabilities vulnerable-libraries

Last synced: 31 Jul 2024

https://github.com/retirejs/retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

build-tool chrome-extension firefox-extension grunt-plugins insecure-libraries javascript sbom sbom-generator sbom-tool scanner security software-composition-analysis vulnerabilities vulnerable-libraries

Last synced: 29 Sep 2024

https://github.com/dependencytrack/dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

appsec bill-of-materials bom component-analysis cyclonedx devsecops nvd ossindex owasp package-url purl sbom sca security security-automation software-composition-analysis software-security vulndb vulnerabilities vulnerability-detection

Last synced: 30 Sep 2024

https://github.com/DependencyTrack/dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

appsec bill-of-materials bom component-analysis cyclonedx devsecops nvd ossindex owasp package-url purl sbom sca security security-automation software-composition-analysis software-security vulndb vulnerabilities vulnerability-detection

Last synced: 01 Aug 2024

https://github.com/aboutcode-org/scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

copyright copyright-scan cyclonedx dependencies dependency-graph license license-checking license-scan licensing open-source-licensing oss-compliance package-url packages provenance purl sbom sca software-composition-analysis spdx spdx-licenses

Last synced: 26 Sep 2024

https://github.com/nexB/scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

copyright copyright-scan cyclonedx dependencies dependency-graph license license-checking license-scan licensing open-source-licensing oss-compliance package-url packages provenance purl sbom sca software-composition-analysis spdx spdx-licenses

Last synced: 31 Jul 2024

https://github.com/hummerrisk/hummerrisk

HummerRisk is a cloud-native security platform covering hybrid-cloud security governance and cloud-native security detection.

cloud-custodian cloud-native cloud-native-security compliance compliance-as-code cspm k8s-security kubernetes-security prowler sbom security trivy vulnerability

Last synced: 30 Sep 2024

https://github.com/HummerRisk/HummerRisk

HummerRisk is a cloud-native security platform covering hybrid-cloud security governance and cloud-native security detection.

cloud-custodian cloud-native cloud-native-security compliance compliance-as-code cspm k8s-security kubernetes-security prowler sbom security trivy vulnerability

Last synced: 02 Aug 2024

https://github.com/microsoft/sbom-tool

The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.

sbom sbom-generator

Last synced: 03 Aug 2024

https://github.com/lunasec-io/lunasec

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

compliance continuous-delivery cve-scanning cybersecurity dependency-analysis devsecops gdpr log4shell pci-dss sbom sbom-generator scanning scanning-tool security security-tools soc2 software-composition-analysis tokenization web-security zero-trust

Last synced: 01 Oct 2024

https://github.com/zarf-dev/zarf

DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/

airgap cloud-native cosign docker docker-registry dod gitops government helm k3s k8s kubernetes kustomize oci sbom

Last synced: 27 Sep 2024

https://github.com/defenseunicorns/zarf

DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/

airgap cloud-native cosign docker docker-registry dod gitops government helm k3s k8s kubernetes kustomize oci sbom

Last synced: 03 Aug 2024

https://github.com/Portshift/kubei

KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems

effortless-integrations kubernetes kubernetes-security sbom scanner security supply-chain vulnerabilities

Last synced: 04 Aug 2024

https://github.com/openclarity/kubeclarity

KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems

effortless-integrations kubernetes kubernetes-security sbom scanner security supply-chain vulnerabilities

Last synced: 01 Aug 2024

https://github.com/intel/cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

cve cvss devsecops hacktoberfest python sbom sbom-tool security security-automation security-tools swrepo system-tools vulnerabilities vulnerability

Last synced: 30 Sep 2024

https://github.com/XmirrorSecurity/OpenSCA-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance, with accuracy widely recognized by the community.

cyclonedx devsecops license-compliance sbom sca security software-bill-of-materials software-composition-analysis software-supply-chain software-supply-chain-security spdx static-analysis swid vulnerabilities

Last synced: 02 Aug 2024

https://github.com/tern-tools/tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

compliance containers dependencies docker metadata-extraction open-source oss-compliance python risk-management sbom software-composition-analysis spdx supply-chain-security tool

Last synced: 02 Oct 2024

https://github.com/owasp-dep-scan/dep-scan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

compliance containers cve cyclonedx dependency-analysis dependency-audit devsecops reachability-analysis risk-audit sbom sca security-audit security-tools supply-chain-security vex vulnerability-scanners

Last synced: 01 Aug 2024

https://github.com/AppThreat/dep-scan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

compliance containers cve cyclonedx dependency-analysis dependency-audit devsecops reachability-analysis risk-audit sbom sca security-audit security-tools supply-chain-security vex vulnerability-scanners

Last synced: 30 Jul 2024

https://github.com/package-url/purl-spec

A minimal specification for purl, a.k.a. a package "mostly universal" URL; join the discussion at https://gitter.im/package-url/Lobby

cyclonedx dependencies package package-management package-url purl sbom spdx url

Last synced: 31 Jul 2024

https://github.com/CycloneDX/cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962

bom cbom containers cyclonedx docker oci owasp package-url purl saasbom sbom sca software-bill-of-materials supply-chain

Last synced: 01 Aug 2024

https://github.com/CycloneDX/specification

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX

bill-of-materials bom cbom cpe cyclonedx license machine-learning mbom owasp saasbom sbom software software-bill-of-materials spdx specification standard supply-chain swid tc54 vex

Last synced: 03 Aug 2024

https://github.com/fsfe/reuse-tool

reuse is a tool for compliance with the REUSE recommendations.

analyzer copyright free-software fsfe licensing linter python reuse sbom spdx

Last synced: 01 Aug 2024

https://github.com/xeol-io/xeol

A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs

compliance end-of-life eol fedramp nist outdated-dep outdated-libraries outdated-packages pci-dss release-policy sbom security

Last synced: 03 Aug 2024

https://github.com/trailofbits/it-depends

A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.

dependency-analysis dependency-graph hacktoberfest hacktoberfest2021 sbom sbom-generator vulnerability-scanner

Last synced: 01 Aug 2024

https://github.com/chainloop-dev/chainloop

Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

attestation compliance cyclonedx devsecops in-toto license metadata-platform open-source-licensing ospo oss-compliance regulated-industry sbom sbom-discovery sbom-distribution security slsa slsa-provenance spdx supply-chain-security

Last synced: 03 Aug 2024

https://github.com/owasp-dep-scan/blint

BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generator for binaries.

binary cyclonedx depscan fuzzing malware sbom supply-chain-analytics supply-chain-security

Last synced: 03 Aug 2024

https://github.com/kubernetes-sigs/bom

A utility to generate SPDX-compliant Bill of Materials manifests

bom go golang kubernetes sbom spdx

Last synced: 01 Aug 2024

https://github.com/CycloneDX/cyclonedx-cli

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

bill-of-materials bom cyclonedx hacktoberfest mbom obom owasp package-url purl saasbom sbom sbom-generator software-bill-of-materials spdx vex

Last synced: 01 Aug 2024

https://github.com/ckotzbauer/sbom-operator

Catalogue all images of a Kubernetes cluster to multiple targets with Syft

k8s kubernetes operator sbom supply-chain-security

Last synced: 03 Aug 2024

https://github.com/CycloneDX/bom-examples

A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)

bill-of-materials bom cyclonedx mbom obom owasp saasbom sbom sbom-examples software-bill-of-materials vex

Last synced: 03 Aug 2024

https://github.com/snyk/parlay

Enrich SBOMs with data from third party services

cyclonedx sbom sbom-tool snyk

Last synced: 01 Aug 2024

https://github.com/ckotzbauer/vulnerability-operator

Scans SBOMs for vulnerabilities with Grype

cve grype kubernetes policyreport sbom security vulnerabilities

Last synced: 03 Aug 2024

https://github.com/oxsecurity/codetotal

Analyze any snippet, file, or repository to detect possible security flaws such as secrets in code, open source vulnerabilities, code security issues, insecure infrastructure as code, and potential legal issues with open source licenses.

code-quality-analyzer iac megalinter sast sbom sbom-generator secrets-detection security supply-chain supply-chain-security vulnerability-scanners

Last synced: 17 Aug 2024

https://github.com/patriksvensson/covenant

A tool to generate SBOM (Software Bill of Material) from source code artifacts.

cyclonedx openchain sbom spdx

Last synced: 01 Oct 2024

https://github.com/kubernetes-sigs/tejolote

A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.

attestation provenance sbom sigstore slsa

Last synced: 04 Aug 2024

https://github.com/goreleaser/supply-chain-example

Example goreleaser + github actions config with keyless signing and SBOM generation

cosign go golang goreleaser sbom signing sigstore software-bill-of-materials supply-chain syft

Last synced: 03 Aug 2024

https://github.com/spdx/ntia-conformance-checker

Check SPDX SBOM for NTIA minimum elements

sbom sbom-tool

Last synced: 08 Aug 2024

https://github.com/jenkinsci/dependency-track-plugin

Main repository for the official Dependency-Track Jenkins plugin

appsec bom builder component-analysis jenkins jenkins-pipeline jenkins-plugin owasp report sbom security

Last synced: 29 Sep 2024

https://github.com/interlynk-io/sbomasm

SBOM Assembler - A tool to compose your various sboms into a single sbom.

cyclonedx devsecops go golang gomodule oss sbom sbom-generator sbom-tool security spdx

Last synced: 03 Aug 2024

https://github.com/VexStore/fatbom

fatbom (Fat Bill Of Materials) is a tool which combines the SBOMs generated by various tools into one fat SBOM, thus leveraging each tool's strengths.

cpe purl sbom supply-chain

Last synced: 03 Aug 2024

https://github.com/CycloneDX/cyclonedx-webpack-plugin

Create CycloneDX Software Bill of Materials (SBOM) from webpack bundles at compile time.

bill-of-materials bom cyclonedx javascript mbom owasp package-url purl sbom sbom-generator sbom-tool software-bill-of-materials spdx webpack webpack-plugin

Last synced: 03 Aug 2024

https://github.com/omnibor/omnibor-rs

Reproducible identifiers & fine-grained build dependency tracking for software artifacts.

omnibor rust sbom

Last synced: 28 Sep 2024

https://github.com/siemens/continuous-clearing

The Continuous Clearing Tool scans and collects the 3rd party OSS components used in an NPM/NuGet/Debian/Maven/Python/Conan/Alpine project and uploads them to SW360 and Fossology, taking the respective project ID for license clearing.

alpine conan container cyclonedx docker license-clearing maven npm nuget nuget-package python sbom

Last synced: 30 Sep 2024

https://github.com/manifest-cyber/aibom

A community wiki for all things AI/ML bill of materials (MLBOM, AIBOM) and transparency into AI/ML models.

ai aibom ml mlbom sbom

Last synced: 03 Aug 2024

https://github.com/anthonyharrison/distro2sbom

Generates SBOM files from system packaging information

cyclonedx debian devsecops python redhat sbom sbom-generator spdx ubuntu

Last synced: 29 Sep 2024

https://github.com/hrbrmstr/sbom

Generate Software Bill of Materials for R Things

r rstats sbom sbom-generator

Last synced: 13 Aug 2024

https://github.com/morpheuslord/startup-sbom

A tool to reverse engineer and inspect the RPM and APT databases to list all the packages along with their executables, services and versions.

apt-packages cyclonedx linux linux-app package-resolver reverse-engineering rpm-packa sbom sbom-tool startup startup-script

Last synced: 28 Sep 2024

https://github.com/jasona7/ChatCVE

ChatCVE is an app using the Langchain SQL Language Tool to give an LLM prompt experience over CVE and SBOM DevSecOps triage data

devsecops python sbom security

Last synced: 01 Aug 2024

https://github.com/cyclonedx/cyclonedx-node-yarn

Create CycloneDX Software Bill of Materials (SBOM) from Node.js Yarn projects.

bill-of-materials bom cyclonedx node nodejs sbom sbom-generator sbom-tool software-bill-of-materials yarn yarn-plugin

Last synced: 29 Sep 2024

https://github.com/sethmlarson/pip-sbom

Generate Software Bill-of-Materials (SBOMs) for Python environments from distribution metadata

pip python sbom software-bill-of-materials

Last synced: 02 Oct 2024

https://github.com/jhutchings1/spdx-to-dependency-graph-action

A GitHub Action that takes SPDX SBOMs and uploads them to GitHub's dependency submission API to power Dependabot alerts

dependency-graph dependency-submission sbom security spdx

Last synced: 02 Aug 2024

https://github.com/googlecloudplatform/aactl

Google Container Analysis data import utility, supports OSS vulnerability scanner reports, SLSA provenance and sigstore attestations.

artifact attestations build container cosign gcb gcp import predicate sbom sigstore slsa

Last synced: 28 Sep 2024

https://github.com/ninoseki/mihama

osv.dev API clone

cyclonedx osv sbom spdx

Last synced: 01 Oct 2024

https://github.com/azure/obom

Inspect and push SBOMs (such as SPDX documents) to an OCI registry as an OCI artifact

oci sbom spdx

Last synced: 30 Sep 2024

https://github.com/mostafa/practical-cscrm

Practical Cybersecurity Supply Chain Risk Management

c-scrm cyclonedx dependency-track docker nist owasp sbom supply-chain supply-chain-security syft

Last synced: 02 Oct 2024

https://github.com/viveksahu26/stree

Convert Json structure into directory Tree or file Tree

go json sbom

Last synced: 26 Sep 2024

https://github.com/jamiemagee/openvex.net

.NET types for OpenVEX documents

openvex sbom vex

Last synced: 01 Oct 2024

https://github.com/platform-system-interface/sbom

Utilities for firmware SBoMs

firmware go rust sbom swid

Last synced: 28 Sep 2024

https://github.com/nitro/cyclonedx-conan

Nitro fork of archived repo https://github.com/CycloneDX/cyclonedx-conan with changes required to work with our conan version.

conan cyclonedx nitroapp owner-pro product-pro-windows sbom terraform-managed type-desktop

Last synced: 26 Sep 2024