An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with sbom

A curated list of projects in awesome lists tagged with sbom.

https://github.com/anchore/syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

containers cyclonedx docker go golang hacktoberfest oci sbom spdx static-analysis tool

Last synced: 18 Apr 2025

https://github.com/retirejs/retire.js

Scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

build-tool chrome-extension firefox-extension grunt-plugins insecure-libraries javascript sbom sbom-generator sbom-tool scanner security software-composition-analysis vulnerabilities vulnerable-libraries

Last synced: 22 Apr 2025

https://github.com/dependencytrack/dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

appsec bill-of-materials bom component-analysis cyclonedx devsecops hacktoberfest nvd ossindex owasp package-url purl sbom sca security security-automation software-composition-analysis software-security vulnerabilities vulnerability-detection

Last synced: 10 Apr 2025

https://github.com/aboutcode-org/scancode-toolkit

ScanCode detects licenses, copyrights, and dependencies by "scanning code" to discover and inventory the open source and third-party packages used in your code. Sponsored by the NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

copyright copyright-scan cyclonedx dependencies dependency-graph license license-checking license-scan licensing open-source-licensing oss-compliance package-url packages provenance purl sbom sca software-composition-analysis spdx spdx-licenses

Last synced: 22 Apr 2025

https://github.com/HummerRisk/HummerRisk

HummerRisk is a cloud-native security platform that includes hybrid cloud security governance and cloud-native security detection.

cloud-custodian cloud-native cloud-native-security compliance compliance-as-code cspm k8s-security kubernetes-security prowler sbom security trivy vulnerability

Last synced: 12 Nov 2024

https://github.com/microsoft/sbom-tool

The SBOM tool is a highly scalable, enterprise-ready tool to create SPDX 2.2-compatible SBOMs for any variety of artifacts.

sbom sbom-generator

Last synced: 13 Apr 2025

https://github.com/lunasec-io/lunasec

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

compliance continuous-delivery cve-scanning cybersecurity dependency-analysis devsecops gdpr log4shell pci-dss sbom sbom-generator scanning scanning-tool security security-tools soc2 software-composition-analysis tokenization web-security zero-trust

Last synced: 14 Apr 2025

https://github.com/zarf-dev/zarf

DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/

airgap cloud-native cosign docker docker-registry dod gitops government helm k3s k8s kubernetes kustomize oci sbom

Last synced: 08 Apr 2025

https://github.com/openclarity/openclarity

OpenClarity is an open source tool built to enhance security and observability of cloud native applications and infrastructure

cloud exploits kubernetes leaked-secrets malware rootkits sbom scanner security supply-chain virtual-machine vulnerabilities

Last synced: 12 Apr 2025

https://github.com/intel/cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

cve cvss devsecops hacktoberfest python sbom sbom-tool security security-automation security-tools swrepo system-tools vulnerabilities vulnerability

Last synced: 09 Apr 2025

https://github.com/XmirrorSecurity/OpenSCA-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

cyclonedx devsecops license-compliance sbom sca security software-bill-of-materials software-composition-analysis software-supply-chain software-supply-chain-security spdx static-analysis swid vulnerabilities

Last synced: 11 Nov 2024

https://github.com/tern-tools/tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

compliance containers dependencies docker metadata-extraction open-source oss-compliance python risk-management sbom software-composition-analysis spdx supply-chain-security tool

Last synced: 14 Apr 2025

https://github.com/owasp-dep-scan/dep-scan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

compliance containers cve cyclonedx dependency-analysis dependency-audit devsecops reachability-analysis risk-audit sbom sca security-audit security-tools supply-chain-security vex vulnerability-scanners

Last synced: 03 Apr 2025

https://github.com/cyclonedx/cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. GPT: https://chatgpt.com/g/g-673bfeb4037481919be8a2cd1bf868d2-cdxgen

bom cbom containers cyclonedx docker oci owasp package-url purl saasbom sbom sca software-bill-of-materials supply-chain

Last synced: 13 Apr 2025

https://github.com/arpsyndicate/puncia

Panthera(P.)uncia - Official CLI utility for Osprey Vision, Subdomain Center & Exploit Observer.

arpsyndicate cyclonedx cyclonedx-sbom exploit sbom sbom-tool subdomain vulnerability

Last synced: 10 Apr 2025

https://github.com/package-url/purl-spec

A minimal specification for purl, a.k.a. a package "mostly universal" URL; join the discussion at https://gitter.im/package-url/Lobby

cyclonedx dependencies package package-management package-url purl sbom spdx url

Last synced: 22 Mar 2025

https://github.com/fsfe/reuse-tool

reuse is a tool for compliance with the REUSE recommendations.

analyzer copyright free-software fsfe licensing linter python reuse sbom spdx

Last synced: 10 Apr 2025

https://github.com/xeol-io/xeol

A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs

compliance end-of-life eol fedramp nist outdated-dep outdated-libraries outdated-packages pci-dss release-policy sbom security

Last synced: 13 Apr 2025

https://github.com/cyclonedx/specification

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX

bill-of-materials bom cbom cpe cyclonedx license machine-learning mbom owasp saasbom sbom software software-bill-of-materials spdx specification standard supply-chain swid tc54 vex

Last synced: 06 Mar 2025

https://github.com/chainloop-dev/chainloop

Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

attestation compliance cyclonedx devsecops in-toto license metadata-platform open-source-licensing ospo oss-compliance regulated-industry sbom sbom-discovery sbom-distribution security slsa slsa-provenance spdx supply-chain-security

Last synced: 14 Nov 2024

https://github.com/kubernetes-sigs/bom

A utility to generate SPDX-compliant Bill of Materials manifests

bom go golang kubernetes sbom spdx

Last synced: 06 Apr 2025

https://github.com/trailofbits/it-depends

A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.

dependency-analysis dependency-graph hacktoberfest hacktoberfest2021 sbom sbom-generator vulnerability-scanner

Last synced: 14 Apr 2025

https://github.com/CycloneDX/cyclonedx-cli

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

bill-of-materials bom cyclonedx hacktoberfest mbom obom owasp package-url purl saasbom sbom sbom-generator software-bill-of-materials spdx vex

Last synced: 14 Apr 2025

https://github.com/owasp-dep-scan/blint

BLint is a Binary Linter that checks the security properties and capabilities of your executables. Since v2, blint is also an SBOM generator for binaries.

binary cyclonedx depscan fuzzing malware sbom supply-chain-analytics supply-chain-security

Last synced: 14 Nov 2024

https://github.com/cyclonedx/cyclonedx-python

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

bill-of-materials bom conda cyclonedx environment owasp package-url pip poetry purl python python3 requirements sbom sbom-generator sbom-tool software-bill-of-materials spdx

Last synced: 08 Apr 2025

https://github.com/ckotzbauer/sbom-operator

Catalogue all images of a Kubernetes cluster to multiple targets with Syft

k8s kubernetes operator sbom supply-chain-security

Last synced: 09 Apr 2025

https://github.com/cyclonedx/bom-examples

A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)

bill-of-materials bom cyclonedx mbom obom owasp saasbom sbom sbom-examples software-bill-of-materials vex

Last synced: 06 Mar 2025

https://github.com/snyk/parlay

Enrich SBOMs with data from third party services

cyclonedx sbom sbom-tool snyk

Last synced: 03 Apr 2025

https://github.com/cyclonedx/cyclonedx-gomod

Creates CycloneDX Software Bill of Materials (SBOM) from Go modules

bill-of-materials bom go-modules golang mbom obom owasp saasbom sbom sbom-generator software-bill-of-materials vex

Last synced: 08 Apr 2025

https://github.com/oracle/macaron

Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detect malicious Python packages, or check conformance to frameworks, such as SLSA. Documentation:

build-system cicd docker gradle integrity-protection malware-analysis malware-detection maven npm python sbom slsa supply-chain-security

Last synced: 04 Apr 2025

https://github.com/cyclonedx/cyclonedx-node-module

Creates CycloneDX Software Bill of Materials (SBOM) from Node-based projects

bom cyclonedx dependency-graph meta-package metapackage node nodejs sbom sbom-generator sbom-tool software-bill-of-materials

Last synced: 11 Apr 2025

https://github.com/mchmarny/s3cme

Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance

attestation cosine oidc provenance sbom slsa supply-chain-security vulnerability

Last synced: 15 Apr 2025

https://github.com/openclarity/vmclarity

VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities

agentless cloud exploits leaked-secrets malware misconfigurations rootkits sbom secrets-detection security vulnerabilities vulnerability-scanners

Last synced: 06 Apr 2025

https://github.com/cyclonedx/cyclonedx-go

Go library to consume and produce CycloneDX Software Bill of Materials (SBOM)

bill-of-materials bom golang library mbom obom owasp saasbom sbom software-bill-of-materials vex

Last synced: 10 Apr 2025

https://github.com/anchore/grant

Search an SBOM for licenses and the packages they belong to

compliance golang license sbom static-analysis

Last synced: 07 Apr 2025

https://github.com/ckotzbauer/vulnerability-operator

Scans SBOMs for vulnerabilities with Grype

cve grype kubernetes policyreport sbom security vulnerabilities

Last synced: 06 Apr 2025

https://github.com/oxsecurity/codetotal

Analyze any snippet, file, or repository to detect possible security flaws such as secrets in code, open source vulnerabilities, code security issues, insecure infrastructure as code, and potential legal issues with open source licenses.

code-quality-analyzer iac megalinter sast sbom sbom-generator secrets-detection security supply-chain supply-chain-security vulnerability-scanners

Last synced: 17 Feb 2025

https://github.com/cyclonedx/transparency-exchange-api

A standard API specification for exchanging supply chain artifacts and intelligence

api-spec bill-of-materials bom cyclonedx owasp sbom sbom-distribution software-bill-of-materials specification tc54

Last synced: 07 Apr 2025

https://github.com/bgeesaman/malicious-compliance

Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"

kubernetes sbom scanner

Last synced: 11 Apr 2025

https://github.com/patriksvensson/covenant

A tool to generate SBOM (Software Bill of Material) from source code artifacts.

cyclonedx openchain sbom spdx

Last synced: 15 Apr 2025

https://github.com/interlynk-io/sbomasm

SBOM Assembler - A tool to edit an SBOM or assemble multiple SBOMs into a single SBOM.

cyclonedx devsecops go golang gomodule oss sbom sbom-generator sbom-tool security spdx

Last synced: 14 Nov 2024

https://github.com/goreleaser/goreleaser-example-supply-chain

Example goreleaser + github actions config with keyless signing and SBOM generation

cosign go golang goreleaser sbom signing sigstore software-bill-of-materials supply-chain syft

Last synced: 16 Nov 2024

https://github.com/kubernetes-sigs/tejolote

A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.

attestation provenance sbom sigstore slsa

Last synced: 21 Nov 2024

https://github.com/goreleaser/example-supply-chain

Example goreleaser + github actions config with keyless signing and SBOM generation

cosign go golang goreleaser sbom signing sigstore software-bill-of-materials supply-chain syft

Last synced: 08 Apr 2025

https://github.com/spdx/ntia-conformance-checker

Check SPDX SBOM for NTIA minimum elements

sbom sbom-tool spdx

Last synced: 27 Nov 2024

https://github.com/edoardottt/depsdev

CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.

blue-team cargo defensive-security dependency dependency-management dependency-scanning dependency-security go go-module golang-module hacktoberfest maven npm npm-module nuget package-security pypi sbom sbom-generator security

Last synced: 16 Mar 2025

https://github.com/jenkinsci/dependency-track-plugin

Main repository for the official Dependency-Track Jenkins plugin

appsec bom builder component-analysis jenkins jenkins-pipeline jenkins-plugin owasp report sbom security

Last synced: 08 Apr 2025

https://github.com/cyclonedx/cyclonedx-linux-generator

Lockheed Martin developed utility to generate CycloneDX SBOMs for Linux distributions

bill-of-materials bom cyclonedx linux owasp sbom sbom-generator software-bill-of-materials

Last synced: 15 Apr 2025

https://github.com/jenstroeger/python-package-template

An opinionated Python package/application template repository, with SLSA and SBOM support built in, enabled for security scanners, code linters, typing, testing and code coverage monitoring, and release automation for reproducible builds.

conventional-commits python python-package release-automation reproducible-builds sbom secure-by-design security-automation slsa slsaprovenance template-repository

Last synced: 15 Apr 2025

https://github.com/openclarity/kubeclarity

KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems

kubernetes kubernetes-security sbom scanner security supply-chain vulnerabilities

Last synced: 26 Feb 2025

https://github.com/VexStore/fatbom

fatbom (Fat Bill Of Materials) is a tool that combines the SBOMs generated by various tools into one fat SBOM, thus leveraging each tool's strengths.

cpe purl sbom supply-chain

Last synced: 14 Nov 2024

https://github.com/psastras/sbom-rs

A group of Rust projects for interacting with and producing software bill of materials (SBOMs).

bom cargo cyclonedx rust sbom spdx

Last synced: 15 Apr 2025

https://github.com/oss-review-toolkit/ort-ci-github-action

Run ORT in your GitHub action workflow to do licensing, security and best practices checks and generate reports/SBOMs

actions ci cyclonedx github-action github-actions license-checking ospo sbom sbom-generator spdx

Last synced: 15 Apr 2025

https://github.com/siemens/continuous-clearing

The Continuous Clearing Tool scans and collects the third-party OSS components used in an NPM/NuGet/Debian/Maven/Python/Conan/Alpine project and uploads them to SW360 and Fossology, using the respective project ID, for license clearing.

alpine conan container cyclonedx docker license-clearing maven npm nuget nuget-package python sbom

Last synced: 12 Apr 2025

https://github.com/omnibor/omnibor-rs

Reproducible identifiers & fine-grained build dependency tracking for software artifacts.

omnibor rust sbom

Last synced: 07 Apr 2025

https://github.com/anthonyharrison/sbomdiff

This tool compares two Software Bill of Materials (SBOMs) and reports the differences.

cyclonedx devsecops sbom sbom-tool spdx tools

Last synced: 26 Dec 2024

https://github.com/securestackco/actions-sbom

A GitHub Action that creates an SBOM from your application so you can meet compliance and security requirements. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure, meets your requirements, and has the SBOM to show it!

automation-testing bill-of-materials deployment deployment-automation o sbom sbom-distribution sbom-generator sbom-repository sbom-tool security security-audit security-automation

Last synced: 12 Apr 2025

https://github.com/CycloneDX/cyclonedx-webpack-plugin

Create CycloneDX Software Bill of Materials (SBOM) from webpack bundles at compile time.

bill-of-materials bom cyclonedx javascript mbom owasp package-url purl sbom sbom-generator sbom-tool software-bill-of-materials spdx webpack webpack-plugin

Last synced: 14 Nov 2024