stevespringett Follow

stevespringett Follow

Steve Springett stevespringett

I build stuff, I break stuff, I develop stuff to protect stuff. Creator of @DependencyTrack, and @CycloneDX. Core team member of @package-url.

Follow

150 followers · 1 following · 115

Highlights

Arctic Code Vault Contributor
Pro

Organizations

Pinned

DependencyTrack/dependency-track

Dependency-Track is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.

Java 576 184
CycloneDX/specification

Software Bill-of-Material (SBOM) specification designed for use in application security contexts and supply chain component analysis

XSLT 32 9
package-url/purl-spec

A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby

129 32
OWASP/Software-Component-Verification-Standard

Software Component Verification Standard (SCVS)

Python 47 7
CPE-Parser

A utility for validating and parsing Common Platform Enumeration (CPE) v2.2 and v2.3 as originally defined by MITRE and maintained by NIST

Java 14 7
cvss-calculator

A Java library for calculating CVSSv2 and CVSSv3 scores and vectors

Java 15 10

2,068 contributions in the last year

Contribution activity

August 2020

stevespringett/dependency-track Java Aug 10

593 data model migration Aug 13

Created an issue in CycloneDX/specification that received 4 comments

Expand hardware support

CycloneDX has support for components of type 'device'. However, device-specific fields have been left out of the core specification as they are bet…

4 comments

Autodiscover implemented in 1.2.37 - 1.2.73 breaks existing applications Aug 8

Add audit schema extension Aug 2

Joined the Open Source Security Foundation (OpenSSF) organization

Open Source Security Foundation (OpenSSF)

You can’t perform that action at this time.