Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Projects in Awesome Lists tagged with spdx
A curated list of projects in awesome lists tagged with spdx.
https://github.com/anchore/syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
containers cyclonedx docker go golang hacktoberfest oci sbom spdx static-analysis tool
Last synced: 16 Dec 2024
https://github.com/aboutcode-org/scancode-toolkit
🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
copyright copyright-scan cyclonedx dependencies dependency-graph license license-checking license-scan licensing open-source-licensing oss-compliance package-url packages provenance purl sbom sca software-composition-analysis spdx spdx-licenses
Last synced: 19 Dec 2024
https://github.com/oss-review-toolkit/ort
A suite of tools to automate software compliance checks.
compliance copyright cra cyclonedx dependencies dependency-graph dora hacktoberfest license license-management open-source-licensing ospo oss-compliance package-manager sbom sbom-generator sca spdx
Last synced: 18 Dec 2024
https://github.com/heremaps/oss-review-toolkit
A suite of tools to automate software compliance checks.
compliance copyright copyright-scan cyclonedx dependencies dependency-graph hacktoberfest license license-checking license-management license-scan open-source-licensing ospo oss-compliance package-manager package-scan sbom sbom-generator sca spdx
Last synced: 01 Oct 2024
https://github.com/xmirrorsecurity/opensca-cli
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
cyclonedx devsecops license-compliance sbom sca security software-bill-of-materials software-composition-analysis software-supply-chain software-supply-chain-security spdx static-analysis swid vulnerabilities
Last synced: 20 Dec 2024
https://github.com/XmirrorSecurity/OpenSCA-cli
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
cyclonedx devsecops license-compliance sbom sca security software-bill-of-materials software-composition-analysis software-supply-chain software-supply-chain-security spdx static-analysis swid vulnerabilities
Last synced: 11 Nov 2024
https://github.com/tern-tools/tern
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
compliance containers dependencies docker metadata-extraction open-source oss-compliance python risk-management sbom software-composition-analysis spdx supply-chain-security tool
Last synced: 20 Dec 2024
https://github.com/fossology/fossology
FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.
compliance compliance-automation compliance-check fossology license license-checking license-management license-scan oss spdx spdx-licenses
Last synced: 06 Nov 2024
https://github.com/package-url/purl-spec
A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
cyclonedx dependencies package package-management package-url purl sbom spdx url
Last synced: 28 Nov 2024
https://github.com/embarkstudios/cargo-about
📜 Cargo plugin to generate list of all licenses for a crate 🦀
cargo cargo-plugin hacktoberfest license-checking licensing rust rust-lang spdx
Last synced: 19 Dec 2024
https://github.com/EmbarkStudios/cargo-about
📜 Cargo plugin to generate list of all licenses for a crate 🦀
cargo cargo-plugin hacktoberfest license-checking licensing rust rust-lang spdx
Last synced: 07 Nov 2024
https://github.com/devops-kung-fu/bomber
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
cyclonedx devsecops epss golang gomodule oss sbom security security-automation security-tools spdx supply-chain supplychain syft vulnerability-scanners
Last synced: 07 Nov 2024
https://github.com/spdx/license-list-data
Various data formats for the SPDX License List including RDFa, HTML, Text, and JSON
html-format json licenses licensing rdfa spdx
Last synced: 05 Nov 2024
https://github.com/kdeldycke/meta-package-manager
🎁 wraps all package managers with a unifying CLI
apt cyclonedx flatpak homebrew linux mac-app-store macos npm package-manager package-url php-composer pip ruby-gem sbom snap spdx steam windows xbar yarn
Last synced: 19 Dec 2024
https://github.com/chainloop-dev/chainloop
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
attestation compliance cyclonedx devsecops in-toto license metadata-platform open-source-licensing ospo oss-compliance regulated-industry sbom sbom-discovery sbom-distribution security slsa slsa-provenance spdx supply-chain-security
Last synced: 14 Nov 2024
https://github.com/cyclonedx/specification
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
bill-of-materials bom cbom cpe cyclonedx license machine-learning mbom owasp saasbom sbom software software-bill-of-materials spdx specification standard supply-chain swid tc54 vex
Last synced: 16 Nov 2024
https://github.com/CycloneDX/specification
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
bill-of-materials bom cbom cpe cyclonedx license machine-learning mbom owasp saasbom sbom software software-bill-of-materials spdx specification standard supply-chain swid tc54 vex
Last synced: 14 Nov 2024
https://github.com/cyclonedx/cyclonedx-cli
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
bill-of-materials bom cyclonedx hacktoberfest mbom obom owasp package-url purl saasbom sbom sbom-generator software-bill-of-materials spdx vex
Last synced: 15 Dec 2024
https://github.com/kubernetes-sigs/bom
A utility to generate SPDX-compliant Bill of Materials manifests
bom go golang kubernetes sbom spdx
Last synced: 05 Nov 2024
https://github.com/cyclonedx/cyclonedx-maven-plugin
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
bill-of-materials bom cyclonedx maven maven-plugin mbom obom owasp package-url purl saasbom sbom sbom-generator software-bill-of-materials spdx vex
Last synced: 21 Dec 2024
https://github.com/CycloneDX/cyclonedx-maven-plugin
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
bill-of-materials bom cyclonedx maven maven-plugin mbom obom owasp package-url purl saasbom sbom sbom-generator software-bill-of-materials spdx vex
Last synced: 14 Nov 2024
https://github.com/CycloneDX/cyclonedx-cli
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
bill-of-materials bom cyclonedx hacktoberfest mbom obom owasp package-url purl saasbom sbom sbom-generator software-bill-of-materials spdx vex
Last synced: 08 Nov 2024
https://github.com/spdx/spdx-spec
The SPDX specification in MarkDown and HTML formats.
licenses linux-foundation software-package-data-exchange spdx specification
Last synced: 02 Nov 2024
https://spdx.github.io/spdx-spec/
The SPDX specification in MarkDown and HTML formats.
licenses linux-foundation software-package-data-exchange spdx specification
Last synced: 14 Nov 2024
https://github.com/src-d/go-license-detector
Reliable project licenses detector.
license-management license-scan spdx spdx-license spdx-licenses
Last synced: 21 Nov 2024
https://github.com/cyclonedx/cyclonedx-python
CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments
bill-of-materials bom conda cyclonedx environment owasp package-url pip poetry purl python python3 requirements sbom sbom-generator sbom-tool software-bill-of-materials spdx
Last synced: 15 Dec 2024
https://github.com/cyclonedx/cyclonedx-dotnet
Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects
bill-of-materials bom cyclonedx dotnet dotnet-core hacktoberfest mbom obom owasp package-url purl saasbom sbom sbom-generator software-bill-of-materials spdx vex
Last synced: 21 Dec 2024
https://github.com/interlynk-io/sbomqs
SBOM quality score - Quality metrics for your sboms
cyclonedx devsecops-pipeline go golang sbom sbom-examples sbom-quality sbom-samples sbom-score sbom-tool security-tools spdx supply-chain-security
Last synced: 07 Nov 2024
https://github.com/cyclonedx/cyclonedx-gradle-plugin
Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
bill-of-materials bom cyclonedx gradle gradle-plugin owasp package-url purl sbom sbom-generator software-bill-of-materials spdx
Last synced: 18 Dec 2024
https://github.com/aboutcode-org/scancode.io
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, Google Summer of Code, nexB and other generous sponsors!
cyclonedx docker foss-compliance license open-source package-url purl sca scancode software-composition-analysis spdx virtual-machine vulnerabilities
Last synced: 15 Dec 2024
https://github.com/boyter/lc
licensechecker (lc) a command line application which scans directories and identifies what software license things are under producing reports as either SPDX, CSV, JSON, XLSX or CLI Tabular output. Dual-licensed under MIT or the UNLICENSE.
classifier cli command-line-tool commandline go golang license license-management licensechecker open-source-licensing spdx
Last synced: 27 Oct 2024
https://github.com/cyclonedx/cyclonedx-rust-cargo
Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects
bill-of-materials bom cargo cargo-plugin cyclonedx mbom obom owasp package-url purl rust saasbom sbom sbom-generator software-bill-of-materials spdx vex
Last synced: 21 Dec 2024
https://github.com/cyclonedx/sbom-utility
Utility that provides an API platform for validating, querying and managing BOM data
bill-of-materials bom cyclonedx hacktoberfest mbom obom owasp package-url purl saasbom sbom sbom-quality sbom-tool software-bill-of-materials spdx spdx-license spdx-sbom vdr vex
Last synced: 16 Dec 2024
https://github.com/sindresorhus/spdx-license-list
List of SPDX licenses
javascript json list nodejs spdx spdx-licenses
Last synced: 20 Dec 2024
https://github.com/yohangz/packer-cli
💥 Full-fledged CLI tool to generate and package node modules compliant with Browser and NodeJS. Packer CLI supports all modern style, unit test and script transpiler tools
babel build-tool eslint gulp handlebars istambul jasmine jest jsdom less mocha nodejs reactjs rollupjs sass spdx stylelint stylus tslint typescript
Last synced: 12 Nov 2024
https://github.com/cyclonedx/cyclonedx-core-java
CycloneDX SBOM Model and Utils for Creating and Validating BOMs
bill-of-materials bom cyclonedx library mbom obom owasp package-url purl saasbom sbom software-bill-of-materials spdx vex
Last synced: 21 Dec 2024
https://github.com/hashicorp/copywrite
Automate copyright headers and license files at scale
compliance copyright licensing oss spdx
Last synced: 21 Dec 2024
https://github.com/cyclonedx/cyclonedx-python-lib
Python implementation of OWASP CycloneDX
attestation bill-of-materials bom cbom cyclonedx hacktoberfest library mbom obom owasp package-url purl python saasbom sbom software-bill-of-materials software-library spdx vex
Last synced: 21 Dec 2024
https://github.com/CycloneDX/cyclonedx-python-lib
Python implementation of OWASP CycloneDX
attestation bill-of-materials bom cbom cyclonedx hacktoberfest library mbom obom owasp package-url purl python saasbom sbom software-bill-of-materials software-library spdx vex
Last synced: 14 Nov 2024
https://github.com/nikstur/bombon
Nix CycloneDX Software Bills of Materials (SBOMs)
bill-of-materials bom components cyclonedx dependencies license nix nixos purl sbom sbom-generator software-bill-of-materials spdx
Last synced: 20 Nov 2024
https://github.com/patriksvensson/covenant
A tool to generate SBOM (Software Bill of Material) from source code artifacts.
Last synced: 01 Nov 2024
https://github.com/aboutcode-org/license-expression
Utility library to parse, normalize and compare License expressions for Python using a boolean logic engine. For expressions using SPDX or any other license id scheme.
boolean-expression license-expression licensing python spdx spdx-license
Last synced: 21 Dec 2024
https://github.com/spdx/ntia-conformance-checker
Check SPDX SBOM for NTIA minimum elements
Last synced: 27 Nov 2024
https://github.com/cyclonedx/cyclonedx-php-composer
Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects
bill-of-materials bom composer composer-plugin cyclonedx dependency-graph owasp package-url php purl sbom sbom-generator sbom-tool software-bill-of-materials spdx
Last synced: 18 Dec 2024
https://github.com/CycloneDX/cyclonedx-php-composer
Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects
bill-of-materials bom composer composer-plugin cyclonedx dependency-graph owasp package-url php purl sbom sbom-generator sbom-tool software-bill-of-materials spdx
Last synced: 18 Nov 2024
https://github.com/spdx/spdx-license-diff
Chrome/Firefox browser extension to compare text against spdx license list
chrome firefox hacktoberfest license-compliance open-source-licenses spdx
Last synced: 11 Nov 2024
https://github.com/oss-review-toolkit/ort-ci-github-action
Run ORT in your GitHub action workflow to do licensing, security and best practices checks and generate reports/SBOMs
actions ci cyclonedx github-action github-actions license-checking ospo sbom sbom-generator spdx
Last synced: 16 Nov 2024
https://github.com/mitchellh/go-spdx
Golang library for listing and looking up licenses using SPDX IDs.
Last synced: 17 Oct 2024
https://github.com/CycloneDX/cyclonedx-webpack-plugin
Create CycloneDX Software Bill of Materials (SBOM) from webpack bundles at compile time.
bill-of-materials bom cyclonedx javascript mbom owasp package-url purl sbom sbom-generator sbom-tool software-bill-of-materials spdx webpack webpack-plugin
Last synced: 14 Nov 2024
https://github.com/cyclonedx/cyclonedx-webpack-plugin
Create CycloneDX Software Bill of Materials (SBOM) from webpack bundles at compile time.
bill-of-materials bom cyclonedx javascript mbom owasp package-url purl sbom sbom-generator sbom-tool software-bill-of-materials spdx webpack webpack-plugin
Last synced: 16 Nov 2024
https://github.com/cyclonedx/cyclonedx-ruby-gem
Creates CycloneDX Software Bill of Materials (SBOM) from Ruby projects
bill-of-materials bom bundler cyclonedx gem mbom obom owasp package-url purl ruby saasbom sbom sbom-generator software-bill-of-materials spdx vex
Last synced: 16 Nov 2024
https://github.com/anthonyharrison/sbom4python
A tool to generate a SBOM (Software Bill of Materials) for an installed Python module
cyclonedx devsecops python sbom sbom-generator security spdx
Last synced: 07 Nov 2024
https://github.com/morficus/license-ls
Get a list of licenses used by a project's dependencies
inspector license license-checking license-scan licenses licenses-detector list ls npm-ls package report reporter spdx spdx-license spdx-licenses
Last synced: 27 Nov 2024
https://github.com/anthonyharrison/sbom2doc
Transform SBOM contents into a formatted document including markdown and PDF formats
cyclonedx devsecops markdown-generator pdf-generation sbom sbom-tool spdx
Last synced: 19 Dec 2024
https://github.com/aboutcode-org/dejacode
Automate open source license compliance and ensure software supply chain integrity
cyclonedx foss-compliance license open-source package-url purl sca scancode spdx vulnerabilities
Last synced: 14 Nov 2024
https://github.com/alilleybrinker/cargo-spdx
Generate an SPDX Software Bill of Materials for Rust crates.
Last synced: 27 Oct 2024
https://github.com/anthonyharrison/distro2sbom
Generates SBOM files from system packaging information
cyclonedx debian devsecops python redhat sbom sbom-generator spdx ubuntu
Last synced: 19 Dec 2024
https://github.com/interlynk-io/sbomgr
SBOM Grep - search through SBOMs
cyclonedx devsecops devsecops-pipeline go golang gomodule sbom-tool spdx supplychain
Last synced: 14 Nov 2024
https://github.com/cyclonedx/cyclonedx-javascript-library
Core functionality of OWASP CycloneDX for JavaScript (Node.js or WebBrowser) written in TypeScript.
bill-of-materials bom cyclonedx hacktoberfest json library mbom node obom owasp saasbom sbom software-bill-of-materials software-library spdx vdr vex web xml
Last synced: 21 Dec 2024
https://github.com/patriksvensson/spdx
A .NET library that makes it easy to retrieve information about SPDX licenses.
licenses open-source spdx spdx-licenses
Last synced: 08 Nov 2024
https://github.com/llnl/surfactant
Modular framework for SBOM generation that gathers file information and analyzes dependencies
cyclonedx dependencies dependency-analysis dependency-graph hacktoberfest python python3 sbom sbom-generator software-bill-of-materials software-composition-analysis spdx static-analysis tool
Last synced: 11 Nov 2024
https://github.com/domcleal/spdx-licenses
SPDX license and identifier lookup
Last synced: 27 Oct 2024
https://github.com/oss-review-toolkit/ort-ci-gitlab
Use ORT in your GitLab pipelines
ci cyclonedx gitlab gitlab-ci license-checking ospo sbom sbom-generator spdx
Last synced: 16 Nov 2024
https://github.com/condy0919/spdx.el
Insert SPDX license header
emacs emacs-lisp license-management spdx spdx-license
Last synced: 28 Nov 2024
https://github.com/anthonyharrison/lib4sbom
Library to ingest and generate SBOMs
cyclonedx devsecops library mlbom python sbom sbom-generator sbom-tool spdx
Last synced: 07 Nov 2024
https://github.com/cutenode/conformance
☑️ Module to check SPDX license expression conformance and surface meta information about license expressions
conformance depth fsf insight licenses osi spdx
Last synced: 09 Nov 2024
https://github.com/sajayantony/obom_cli
Tool to inspect and push an SPDX document as an OCI artifact
Last synced: 07 Nov 2024
https://github.com/jhutchings1/spdx-to-dependency-graph-action
A GitHub Action that takes SPDX SBOMs and uploads them to GitHub's dependency submission API to power Dependabot alerts
dependency-graph dependency-submission sbom security spdx
Last synced: 12 Nov 2024
https://github.com/refcell/lice
Dead simple, minimal SPDX License generator library written in Rust.
Last synced: 09 Nov 2024
https://github.com/louib/nix2sbom
nix2sbom extracts the CycloneDX and SPDX SBOM (Software Bill of Materials) from a Nix derivation
cyclonedx github-actions nix nixos purl sbom sbom-generator security software-bill-of-materials spdx supply-chain supply-chain-security
Last synced: 28 Oct 2024
https://github.com/cyclonedx/cyclonedx-php-library
PHP Implementation of OWASP CycloneDX Bill of Materials (BOM)
bill-of-materials bom cyclonedx hacktoberfest library mbom obom owasp php saasbom sbom software-bill-of-materials software-library spdx vex
Last synced: 16 Nov 2024
https://github.com/cyclonedx/cyclonedx-authoring-tool
An experimental user interface for manually creating, editing, and viewing CycloneDX SBOMs
authoring-tool bill-of-materials bom cyclonedx mbom node obom owasp package-url purl saasbom sbom software-bill-of-materials spdx vex vue
Last synced: 16 Nov 2024
https://github.com/pmonks/tools-licenses
A Clojure tools.build task library related to dependency licenses.
clojure license-checking licenses licensing spdx tools-build
Last synced: 27 Oct 2024
https://github.com/anthonyharrison/sbom-manager
Manage collection of SBOMs (Software Bill of Materials)
cyclonedx devsecops sbom sbom-repository sbom-tool security spdx vulnerabilities
Last synced: 07 Nov 2024
https://github.com/sean-clayton/licensor
Simple LICENSE file generator
cli license license-generator rust spdx
Last synced: 13 Nov 2024
https://github.com/azure/obom
Inspect and push SBOMs (such as SPDX documents) to an OCI registry as an OCI artifact
Last synced: 09 Nov 2024
https://github.com/samuraiaku/spdx.jl
Provides for the creation, reading and writing of SPDX files in multiple file formats. Written in pure Julia.
Last synced: 22 Oct 2024
https://github.com/anthonyharrison/sbom4files
SBOM generator for files within a directory
cyclonedx devsecops sbom sbom-generator sbom-tool spdx tool
Last synced: 07 Nov 2024
https://github.com/hen/spdx-cheat-sheet
SPDX Cheatsheet for lazy people like me
Last synced: 06 Dec 2024
https://github.com/artichoke/generate_third_party
📜 Generate listings of third party licenses for Artichoke Ruby
artichoke cli github-actions license-checking licensing ruby rubygem rust spdx
Last synced: 06 Nov 2024
https://github.com/johnnyjayjay/spdx-guide
A command line application that helps you create SPDX files for your projects
cli hacktoberfest licensing spdx tool
Last synced: 30 Oct 2024
https://github.com/stephanlachnit/dep5convert
Module for converting DEP5 style copyright files
Last synced: 15 Oct 2024
https://github.com/ryanccn/spdx-gen
SPDX license generator
clap clap-cli hacktoberfest license license-generator rust rust-cli spdx spdx-licenses
Last synced: 17 Oct 2024
https://github.com/kyoh86/go-spdx
The package parses SPDX license expression strings describing license terms.
Last synced: 17 Nov 2024
https://github.com/adaptant-labs/spdx-licenses-dart
A Dart library for working with the SPDX License List
dart dart-library dart2 dartlang spdx spdx-license spdx-licenses
Last synced: 18 Nov 2024
https://github.com/anthonyharrison/sbom2dot
Create a dependency graph of the components within a SBOM
cyclonedx graphviz-dot-language sbom sbom-tool spdx
Last synced: 07 Nov 2024
https://github.com/anthonyharrison/sbom4rust
SBOM4Rust generates a Software Bill of Materials (SBOM) for a Rust component.
cyclonedx devsecops rust sbom sbom-generator security spdx
Last synced: 07 Nov 2024
https://github.com/joshdk/licensor
📝 Detect what license a project is distributed under
compliance golang license license-checking license-management license-scan licenses oss oss-compliance spdx spdx-license
Last synced: 16 Nov 2024
https://github.com/juancarlospaco/parselicense
Parse Standard SPDX Licenses from string to Enum
license-checking license-management nim nim-lang spdx spdx-license spdx-licenses
Last synced: 28 Nov 2024
https://github.com/tobysmith568/license-cop
Yet another license checker tool for your dependencies; focused on simplicity.
cli foss github-actions license license-management npm-package oss spdx spdx-licenses typescript
Last synced: 28 Oct 2024
https://github.com/pfefferle/dash-spdx-licenses
An SPDX-Licenses Dash.app docset
dash docset license spdx spdx-license
Last synced: 03 Dec 2024
https://github.com/drsensor/granular-licensing-example
Some references on how to do dual-licensing and also use different license on specific files 🤷
dual-licensed license licenses licensing spdx
Last synced: 20 Nov 2024
https://github.com/hernanmd/license-selector
Pharo app to browse updated available licenses from SPDX License List
license-management licenses pharo pharo-smalltalk smalltalk spdx
Last synced: 31 Oct 2024
https://github.com/thehale/git-authorship
See who wrote each line of code in your git repository with interactive reports.
copyright education git git-blame grading hacktoberfest oss-compliance reporting spdx
Last synced: 18 Dec 2024