CLI tool and library for generating a Software Bill of Materials from container images and filesystems
-
Updated
Mar 20, 2023 - Go
#
sbom
Here are 167 public repositories matching this topic...
scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
javascript
chrome-extension
security
scanner
grunt-plugins
firefox-extension
build-tool
vulnerabilities
software-composition-analysis
vulnerable-libraries
insecure-libraries
sbom
sbom-generator
sbom-tool
-
Updated
Mar 14, 2023 - JavaScript
licensing
packages
open-source-licensing
dependency-graph
provenance
dependencies
license
spdx
copyright
sca
spdx-licenses
license-checking
license-scan
copyright-scan
software-composition-analysis
oss-compliance
purl
package-url
sbom
cyclonedx
-
Updated
Mar 20, 2023 - Python
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
security
owasp
bom
vulnerabilities
vulndb
appsec
component-analysis
nvd
vulnerability-detection
sca
software-security
security-automation
devsecops
software-composition-analysis
bill-of-materials
ossindex
purl
package-url
sbom
cyclonedx
-
Updated
Mar 20, 2023 - Java
HummerRisk 是云原生安全平台,包括混合云安全治理和容器云安全检测。
security
cloud
vulnerability
k8s
cloud-native
compliance
cve
cvss
cloud-custodian
compliance-as-code
prowler
sbom
kubernetes-security
trivy
k8s-security
cspm
cloud-native-security
-
Updated
Mar 20, 2023 - Java
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
security
continuous-delivery
dependency-analysis
cybersecurity
pci-dss
web-security
compliance
scanning
cve-scanning
tokenization
gdpr
security-tools
devsecops
software-composition-analysis
zero-trust
soc2
sbom
scanning-tool
sbom-generator
log4shell
-
Updated
Mar 20, 2023 - TypeScript
A suite of tools to assist with reviewing Open Source Software dependencies.
package-manager
open-source-licensing
foss
dependency-graph
provenance
compliance
dependencies
license
spdx
copyright
license-management
license-checking
license-scan
package-scan
copyright-scan
ospo
open-chain-project
oss-compliance
sbom
sbom-generator
-
Updated
Mar 21, 2023 - Kotlin
The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
-
Updated
Mar 21, 2023 - C#
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
kubernetes
security
scanner
supply-chain
vulnerabilities
sbom
kubernetes-security
effortless-integrations
-
Updated
Mar 16, 2023 - Go
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
python
docker
open-source
tool
containers
compliance
dependencies
spdx
metadata-extraction
risk-management
software-composition-analysis
oss-compliance
sbom
supply-chain-security
-
Updated
Mar 20, 2023 - Python
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
python
security
vulnerability
vulnerabilities
cve
hacktoberfest
cvss
security-automation
security-tools
devsecops
system-tools
sbom
swrepo
sbom-tool
-
Updated
Mar 20, 2023 - Python
DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/
government
docker
kubernetes
helm
docker-registry
oci
k8s
cloud-native
dod
airgap
gitops
kustomize
sbom
k3s
cosign
-
Updated
Mar 21, 2023 - Go
A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
-
Updated
Mar 1, 2023
Make production Rust binaries auditable
-
Updated
Mar 21, 2023 - Rust
Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!
docker
security-audit
containers
dependency-analysis
vex
compliance
cve
sca
vulnerability-scanners
security-tools
devsecops
sbom
cyclonedx
risk-audit
dependency-audit
-
Updated
Mar 12, 2023 - Python
windows
macos
linux
homebrew
ruby-gem
npm
package-manager
steam
yarn
snap
apt
pacman
pip
portage
flatpak
php-composer
mac-app-store
package-url
sbom
xbar
-
Updated
Mar 16, 2023 - Python
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
golang
security
oss
supply-chain
spdx
vulnerability-scanners
security-automation
security-tools
devsecops
supplychain
syft
sbom
gomodule
cyclonedx
-
Updated
Mar 17, 2023 - Go
A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.
dependency-analysis
dependency-graph
hacktoberfest
vulnerability-scanner
sbom
hacktoberfest2021
sbom-generator
-
Updated
Sep 13, 2022 - Python
A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
-
Updated
Mar 21, 2023
Scans your project to determine what components you use
static-analysis
dependencies
hacktoberfest
package-management
software-composition-analysis
software-bill-of-materials
sbom
-
Updated
Mar 20, 2023 - C#
Improve this page
Add a description, image, and links to the sbom topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the sbom topic, visit your repo's landing page and select "manage topics."