Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Projects in Awesome Lists tagged with sbom
A curated list of projects in awesome lists tagged with sbom.
https://github.com/anchore/syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
containers cyclonedx docker go golang hacktoberfest oci sbom spdx static-analysis tool
Last synced: 29 Sep 2024
https://github.com/RetireJS/retire.js
Scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
build-tool chrome-extension firefox-extension grunt-plugins insecure-libraries javascript sbom sbom-generator sbom-tool scanner security software-composition-analysis vulnerabilities vulnerable-libraries
Last synced: 31 Jul 2024
https://github.com/retirejs/retire.js
Scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
build-tool chrome-extension firefox-extension grunt-plugins insecure-libraries javascript sbom sbom-generator sbom-tool scanner security software-composition-analysis vulnerabilities vulnerable-libraries
Last synced: 29 Sep 2024
https://github.com/dependencytrack/dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
appsec bill-of-materials bom component-analysis cyclonedx devsecops nvd ossindex owasp package-url purl sbom sca security security-automation software-composition-analysis software-security vulndb vulnerabilities vulnerability-detection
Last synced: 30 Sep 2024
https://github.com/DependencyTrack/dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
appsec bill-of-materials bom component-analysis cyclonedx devsecops nvd ossindex owasp package-url purl sbom sca security security-automation software-composition-analysis software-security vulndb vulnerabilities vulnerability-detection
Last synced: 01 Aug 2024
https://github.com/aboutcode-org/scancode-toolkit
ScanCode detects licenses, copyrights and dependencies by "scanning code" to discover and inventory open source and third-party packages used in your code. Sponsored by the NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
copyright copyright-scan cyclonedx dependencies dependency-graph license license-checking license-scan licensing open-source-licensing oss-compliance package-url packages provenance purl sbom sca software-composition-analysis spdx spdx-licenses
Last synced: 26 Sep 2024
https://github.com/nexB/scancode-toolkit
ScanCode detects licenses, copyrights and dependencies by "scanning code" to discover and inventory open source and third-party packages used in your code. Sponsored by the NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
copyright copyright-scan cyclonedx dependencies dependency-graph license license-checking license-scan licensing open-source-licensing oss-compliance package-url packages provenance purl sbom sca software-composition-analysis spdx spdx-licenses
Last synced: 31 Jul 2024
https://github.com/hummerrisk/hummerrisk
HummerRisk is a cloud-native security platform covering hybrid-cloud security governance and cloud-native security detection.
cloud-custodian cloud-native cloud-native-security compliance compliance-as-code cspm k8s-security kubernetes-security prowler sbom security trivy vulnerability
Last synced: 30 Sep 2024
https://github.com/HummerRisk/HummerRisk
HummerRisk is a cloud-native security platform covering hybrid-cloud security governance and cloud-native security detection.
cloud-custodian cloud-native cloud-native-security compliance compliance-as-code cspm k8s-security kubernetes-security prowler sbom security trivy vulnerability
Last synced: 02 Aug 2024
https://github.com/microsoft/sbom-tool
The SBOM tool is a highly scalable, enterprise-ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
Last synced: 03 Aug 2024
https://github.com/oss-review-toolkit/ort
A suite of tools to automate software compliance checks.
compliance copyright copyright-scan cyclonedx dependencies dependency-graph hacktoberfest license license-checking license-management license-scan open-source-licensing ospo oss-compliance package-manager package-scan sbom sbom-generator sca spdx
Last synced: 26 Sep 2024
https://github.com/heremaps/oss-review-toolkit
A suite of tools to automate software compliance checks.
compliance copyright copyright-scan cyclonedx dependencies dependency-graph hacktoberfest license license-checking license-management license-scan open-source-licensing ospo oss-compliance package-manager package-scan sbom sbom-generator sca spdx
Last synced: 01 Oct 2024
https://github.com/lunasec-io/lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
compliance continuous-delivery cve-scanning cybersecurity dependency-analysis devsecops gdpr log4shell pci-dss sbom sbom-generator scanning scanning-tool security security-tools soc2 software-composition-analysis tokenization web-security zero-trust
Last synced: 01 Oct 2024
https://github.com/zarf-dev/zarf
DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/
airgap cloud-native cosign docker docker-registry dod gitops government helm k3s k8s kubernetes kustomize oci sbom
Last synced: 27 Sep 2024
https://github.com/defenseunicorns/zarf
DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/
airgap cloud-native cosign docker docker-registry dod gitops government helm k3s k8s kubernetes kustomize oci sbom
Last synced: 03 Aug 2024
https://github.com/Portshift/kubei
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
effortless-integrations kubernetes kubernetes-security sbom scanner security supply-chain vulnerabilities
Last synced: 04 Aug 2024
https://github.com/openclarity/kubeclarity
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
effortless-integrations kubernetes kubernetes-security sbom scanner security supply-chain vulnerabilities
Last synced: 01 Aug 2024
https://github.com/intel/cve-bin-tool
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
cve cvss devsecops hacktoberfest python sbom sbom-tool security security-automation security-tools swrepo system-tools vulnerabilities vulnerability
Last synced: 30 Sep 2024
https://github.com/XmirrorSecurity/OpenSCA-cli
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance, with accuracy widely recognized by the community.
cyclonedx devsecops license-compliance sbom sca security software-bill-of-materials software-composition-analysis software-supply-chain software-supply-chain-security spdx static-analysis swid vulnerabilities
Last synced: 02 Aug 2024
https://github.com/tern-tools/tern
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
compliance containers dependencies docker metadata-extraction open-source oss-compliance python risk-management sbom software-composition-analysis spdx supply-chain-security tool
Last synced: 02 Oct 2024
https://github.com/owasp-dep-scan/dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
compliance containers cve cyclonedx dependency-analysis dependency-audit devsecops reachability-analysis risk-audit sbom sca security-audit security-tools supply-chain-security vex vulnerability-scanners
Last synced: 01 Aug 2024
https://github.com/AppThreat/dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
compliance containers cve cyclonedx dependency-analysis dependency-audit devsecops reachability-analysis risk-audit sbom sca security-audit security-tools supply-chain-security vex vulnerability-scanners
Last synced: 30 Jul 2024
https://github.com/package-url/purl-spec
A minimal specification for purl, aka a package "mostly universal" URL; join the discussion at https://gitter.im/package-url/Lobby
cyclonedx dependencies package package-management package-url purl sbom spdx url
Last synced: 31 Jul 2024
https://github.com/rust-secure-code/cargo-auditable
Make production Rust binaries auditable
cargo-plugin cargo-subcommand rust rust-lang sbom security-audit security-automation security-tools
Last synced: 28 Sep 2024
https://github.com/CycloneDX/cdxgen
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962
bom cbom containers cyclonedx docker oci owasp package-url purl saasbom sbom sca software-bill-of-materials supply-chain
Last synced: 01 Aug 2024
https://github.com/sandworm-hq/sandworm-audit
Security & License Compliance For Your App's Dependencies 🪱
audit cli compliance d3-visualization dependencies dependencies-graph dependencies-tree license-checking license-compliance license-management sbom security security-tools supply-chain vulnerabilities vulnerability vulnerability-scanners
Last synced: 01 Aug 2024
https://github.com/devops-kung-fu/bomber
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
cyclonedx devsecops golang gomodule oss sbom security security-automation security-tools spdx supply-chain supplychain syft vulnerability-scanners
Last synced: 01 Aug 2024
https://github.com/kdeldycke/meta-package-manager
🎁 Wraps all package managers with a unifying CLI
apt flatpak homebrew linux mac-app-store macos npm package-manager package-url pacman php-composer pip portage ruby-gem sbom snap steam windows xbar yarn
Last synced: 27 Sep 2024
https://github.com/microsoft/component-detection
Scans your project to determine what components you use
dependencies package-management sbom software-bill-of-materials software-composition-analysis static-analysis
Last synced: 03 Aug 2024
https://github.com/CycloneDX/specification
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
bill-of-materials bom cbom cpe cyclonedx license machine-learning mbom owasp saasbom sbom software software-bill-of-materials spdx specification standard supply-chain swid tc54 vex
Last synced: 03 Aug 2024
https://github.com/xeol-io/xeol
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
compliance end-of-life eol fedramp nist outdated-dep outdated-libraries outdated-packages pci-dss release-policy sbom security
Last synced: 03 Aug 2024
https://github.com/trailofbits/it-depends
A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.
dependency-analysis dependency-graph hacktoberfest hacktoberfest2021 sbom sbom-generator vulnerability-scanner
Last synced: 01 Aug 2024
https://github.com/chainloop-dev/chainloop
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
attestation compliance cyclonedx devsecops in-toto license metadata-platform open-source-licensing ospo oss-compliance regulated-industry sbom sbom-discovery sbom-distribution security slsa slsa-provenance spdx supply-chain-security
Last synced: 03 Aug 2024
https://github.com/owasp-dep-scan/blint
BLint is a Binary Linter that checks the security properties and capabilities of your executables. Since v2, blint is also an SBOM generator for binaries.
binary cyclonedx depscan fuzzing malware sbom supply-chain-analytics supply-chain-security
Last synced: 03 Aug 2024
https://github.com/kubernetes-sigs/bom
A utility to generate SPDX-compliant Bill of Materials manifests
bom go golang kubernetes sbom spdx
Last synced: 01 Aug 2024
https://github.com/cyclonedx/cyclonedx-maven-plugin
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
bill-of-materials bom cyclonedx maven maven-plugin mbom obom owasp package-url purl saasbom sbom sbom-generator software-bill-of-materials spdx vex
Last synced: 29 Sep 2024
https://github.com/CycloneDX/cyclonedx-maven-plugin
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
bill-of-materials bom cyclonedx maven maven-plugin mbom obom owasp package-url purl saasbom sbom sbom-generator software-bill-of-materials spdx vex
Last synced: 03 Aug 2024
https://github.com/CycloneDX/cyclonedx-cli
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
bill-of-materials bom cyclonedx hacktoberfest mbom obom owasp package-url purl saasbom sbom sbom-generator software-bill-of-materials spdx vex
Last synced: 01 Aug 2024
https://github.com/ckotzbauer/sbom-operator
Catalogue all images of a Kubernetes cluster to multiple targets with Syft
k8s kubernetes operator sbom supply-chain-security
Last synced: 03 Aug 2024
https://github.com/CycloneDX/bom-examples
A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)
bill-of-materials bom cyclonedx mbom obom owasp saasbom sbom sbom-examples software-bill-of-materials vex
Last synced: 03 Aug 2024
https://github.com/interlynk-io/sbomqs
SBOM quality score - Quality metrics for your SBOMs
cyclonedx devsecops-pipeline go golang sbom sbom-examples sbom-quality sbom-samples sbom-score sbom-tool security-tools spdx supply-chain-security
Last synced: 01 Aug 2024
https://github.com/snyk/parlay
Enrich SBOMs with data from third party services
Last synced: 01 Aug 2024
https://github.com/OWASP/KubeLight
OWASP Kubernetes security and compliance tool [WIP]
cis compliance containers cve-scanning devsecops docker kubernetes kubernetes-security nsa owasp pci-dss python sbom scanner security security-tools vulnerability-management
Last synced: 03 Aug 2024
https://github.com/ckotzbauer/vulnerability-operator
Scans SBOMs for vulnerabilities with Grype
cve grype kubernetes policyreport sbom security vulnerabilities
Last synced: 03 Aug 2024
https://github.com/oxsecurity/codetotal
Analyze any snippet, file, or repository to detect possible security flaws such as secrets in code, open source vulnerabilities, code security issues, insecure infrastructure as code, and potential legal issues with open source licenses.
code-quality-analyzer iac megalinter sast sbom sbom-generator secrets-detection security supply-chain supply-chain-security vulnerability-scanners
Last synced: 17 Aug 2024
https://github.com/patriksvensson/covenant
A tool to generate SBOM (Software Bill of Material) from source code artifacts.
Last synced: 01 Oct 2024
https://github.com/CycloneDX/cyclonedx-python-lib
Python implementation of OWASP CycloneDX
attestation bill-of-materials bom cbom cyclonedx library mbom obom owasp package-url purl python saasbom sbom software-bill-of-materials software-library spdx vex
Last synced: 03 Aug 2024
https://github.com/kubernetes-sigs/tejolote
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
attestation provenance sbom sigstore slsa
Last synced: 04 Aug 2024
https://github.com/goreleaser/supply-chain-example
Example goreleaser + github actions config with keyless signing and SBOM generation
cosign go golang goreleaser sbom signing sigstore software-bill-of-materials supply-chain syft
Last synced: 03 Aug 2024
https://github.com/spdx/ntia-conformance-checker
Check SPDX SBOM for NTIA minimum elements
Last synced: 08 Aug 2024
https://github.com/jenkinsci/dependency-track-plugin
Main repository for the official Dependency-Track Jenkins plugin
appsec bom builder component-analysis jenkins jenkins-pipeline jenkins-plugin owasp report sbom security
Last synced: 29 Sep 2024
https://github.com/CycloneDX/cyclonedx-php-composer
Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects
bill-of-materials bom composer composer-plugin cyclonedx dependency-graph owasp package-url php purl sbom sbom-generator sbom-tool software-bill-of-materials spdx
Last synced: 04 Aug 2024
https://github.com/VexStore/fatbom
fatbom (Fat Bill Of Materials) is a tool which combines the SBOMs generated by various tools into one fat SBOM, thus leveraging each tool's strengths.
Last synced: 03 Aug 2024
https://github.com/CycloneDX/cyclonedx-webpack-plugin
Create CycloneDX Software Bill of Materials (SBOM) from webpack bundles at compile time.
bill-of-materials bom cyclonedx javascript mbom owasp package-url purl sbom sbom-generator sbom-tool software-bill-of-materials spdx webpack webpack-plugin
Last synced: 03 Aug 2024
https://github.com/omnibor/omnibor-rs
Reproducible identifiers & fine-grained build dependency tracking for software artifacts.
Last synced: 28 Sep 2024
https://github.com/siemens/continuous-clearing
The Continuous Clearing Tool scans and collects the 3rd party OSS components used in an NPM/NuGet/Debian/Maven/Python/Conan/Alpine project and uploads them to SW360 and Fossology, accepting the respective project ID, for license clearing.
alpine conan container cyclonedx docker license-clearing maven npm nuget nuget-package python sbom
Last synced: 30 Sep 2024
https://github.com/anthonyharrison/distro2sbom
Generates SBOM files from system packaging information
cyclonedx debian devsecops python redhat sbom sbom-generator spdx ubuntu
Last synced: 29 Sep 2024
https://github.com/hrbrmstr/sbom
Generate Software Bill of Materials for R Things
Last synced: 13 Aug 2024
https://github.com/morpheuslord/startup-sbom
A tool to reverse engineer and inspect the RPM and APT databases to list all the packages along with their executables, services and versions.
apt-packages cyclonedx linux linux-app package-resolver reverse-engineering rpm-packa sbom sbom-tool startup startup-script
Last synced: 28 Sep 2024
https://github.com/jasona7/ChatCVE
ChatCVE is an app using the Langchain SQL Language Tool to provide an LLM prompt experience over CVE and SBOM DevSecOps triage data
devsecops python sbom security
Last synced: 01 Aug 2024
https://github.com/cyclonedx/cyclonedx-node-yarn
Create CycloneDX Software Bill of Materials (SBOM) from Node.js Yarn projects.
bill-of-materials bom cyclonedx node nodejs sbom sbom-generator sbom-tool software-bill-of-materials yarn yarn-plugin
Last synced: 29 Sep 2024
https://github.com/interlynk-io/sbomex
Find & pull public SBOMs
go golang sbom sbom-distribution sbom-examples sbom-repository sbom-samples sbom-tool
Last synced: 03 Aug 2024
https://github.com/sethmlarson/pip-sbom
Generate Software Bill-of-Materials (SBOMs) for Python environments from distribution metadata
pip python sbom software-bill-of-materials
Last synced: 02 Oct 2024
https://github.com/jhutchings1/spdx-to-dependency-graph-action
A GitHub Action that takes SPDX SBOMs and uploads them to GitHub's dependency submission API to power Dependabot alerts
dependency-graph dependency-submission sbom security spdx
Last synced: 02 Aug 2024
https://github.com/azure/obom
Inspect and push SBOMs (such as SPDX documents) to an OCI registry as an OCI artifact
Last synced: 30 Sep 2024
https://github.com/jamiemagee/stethoscope
Inventory container image packages in .NET
container container-image containers docker docker-daemon sbom software-bill-of-materials
Last synced: 01 Oct 2024
https://github.com/mostafa/practical-cscrm
Practical Cybersecurity Supply Chain Risk Management
c-scrm cyclonedx dependency-track docker nist owasp sbom supply-chain supply-chain-security syft
Last synced: 02 Oct 2024
https://github.com/viveksahu26/stree
Convert a JSON structure into a directory tree or file tree
Last synced: 26 Sep 2024
https://github.com/nitro/cyclonedx-conan
Nitro fork of the archived repo https://github.com/CycloneDX/cyclonedx-conan with the changes required to work with our Conan version.
conan cyclonedx nitroapp owner-pro product-pro-windows sbom terraform-managed type-desktop
Last synced: 26 Sep 2024