Repository navigation

#

spdx

anchore/syft
anchore / syft 

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

containersDockerGostatic-analysis工具ocisbomspdxcyclonedxHacktoberfest
Go
7485
9 小时前
aboutcode-org / scancode-toolkit 

🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

licensecopyrightpackages依赖管理spdxprovenancelicense-scanlicensingspdx-licensesopen-source-licensinglicense-checkingsoftware-composition-analysispurlpackage-urlsbomscacyclonedxdependency-graph
Python
2356
15 小时前
oss-review-toolkit/ort
oss-review-toolkit / ort 

A suite of tools to automate software compliance checks.

Package manager依赖管理dependency-graphlicensecopyrightspdxcompliancelicense-managementsbomsbom-generatoropen-source-licensingospocyclonedxscaHacktoberfestcradora
Kotlin
1797
1 小时前
guacsec / guac 

GUAC aggregates software security metadata into a high fidelity graph database.

安全software-supply-chainsoftware-supply-chain-securitysupply-chain-securityattestationsgraphsbomcyclonedxspdxvexvulnerabilityvulnerability-management
Go
1393
1 天前
XmirrorSecurity / OpenSCA-cli 

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

scadevsecops安全sbomsoftware-composition-analysissoftware-supply-chainsoftware-supply-chain-securitystatic-analysisvulnerabilitiescyclonedxspdx
Go
1099
9 天前
tern-tools / tern 

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

PythoncontainerssbomDockercompliancespdx工具依赖管理software-composition-analysisrisk-managementOpen Sourcesupply-chain-security
Python
997
1 年前
fossology / fossology 

FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.

fossologyspdxlicense-managementlicensecomplianceOpen Sourcelicense-checkinglicense-scancompliance-checkcompliance-automationspdx-licenses
HTML
892
1 天前
package-url / purl-spec 

A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby

purlpackage-urlpackageurlcyclonedx依赖管理package-managementsbomspdx
Python
857
11 小时前
EmbarkStudios / cargo-about 

📜 Cargo plugin to generate list of all licenses for a crate 🦀

cargoRustlicensinglicense-checkingcargo-pluginspdxHacktoberfest
Rust
628
5 个月前
spdx / license-list-data 

Various data formats for the SPDX License List including RDFa, HTML, Text, and JSON

spdxJSONlicensing
HTML
595
1 天前
devops-kung-fu / bomber 

Scans Software Bill of Materials (SBOMs) for security vulnerabilities

spdxcyclonedxsbomOpen Sourcevulnerability-scannerssyftdevsecopsGo安全security-automation
Go
578
5 个月前
kdeldycke / meta-package-manager 

🎁 wraps all package managers with a unifying CLI

npmpipHomebrewmacOSmac-app-storeruby-gemLinuxWindowsaptFlatpakYarnsnapSteamxbarPackage managersbompackage-urlcyclonedxspdx
Python
528
2 小时前
fsfe / reuse-tool 

reuse is a tool for compliance with the REUSE recommendations.

Pythoncopyrightlicensinglinteranalyzerspdxfree-softwaresbom
Python
518
2 小时前
chainloop-dev / chainloop 

Evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more

compliancecyclonedxdevsecopssbom安全spdxsupply-chain-securitylicenseopen-source-licensingospoattestation
Go
482
6 分钟前
CycloneDX / specification 

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX

bill-of-materialsbom软件spdxlicensesbomcyclonedxowaspstandardspecificationvex机器学习
XSLT
413
5 天前
kubernetes-sigs / bom 

A utility to generate SPDX-compliant Bill of Materials manifests

KubernetesGobomspdxsbom
Go
404
11 天前
CycloneDX / cyclonedx-cli 

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

bombill-of-materialspurlpackage-urlsbomcyclonedxspdxowaspsbom-generatorvexHacktoberfest
C#
392
11 小时前
spdx / spdx-spec 

The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.

spdxspecificationbill-of-materialssbom
Python
340
13 小时前
CycloneDX / cyclonedx-maven-plugin 

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

bomspdxMavenmaven-pluginbill-of-materialspackage-urlpurlsbomcyclonedxowaspsbom-generatorvex
Java
328
1 个月前
CycloneDX / cyclonedx-python 

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

Pythonpipbomsbomspdxbill-of-materialspackage-urlpurlcyclonedxowaspsbom-generatorpoetrycondarequirementsenvironmentHacktoberfest
Python
318
1 天前