software-composition-analysis

Here are 14 public repositories matching this topic...

pombredanne commented Sep 5, 2020

There are about ~240 URLs and licenses listed at https://directory.fsf.org/wiki?title=Category:License
We should:

  1. ensure that we can detect all of them
  2. ensure that we can detect their URL
    We should also add as an "other_urls" each URL to the corresponding license YAML

fsf-license-urls.txt

Dependency-Track is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.

  • Updated Nov 4, 2020
  • Java
pmckeown commented Oct 8, 2020

Current output from the findings goal looks like the example below. It would be useful to have the Name of the issue in the output too.

Current:

[INFO] MEDIUM: org.apache.struts:struts-core:1.3.5
[INFO] 
[INFO] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts befor
[INFO] e 2.3.1.1, when developer mode is used, allows remote attackers to execu
[INFO] te arbitrary c
