CLI tool and library for generating a Software Bill of Materials from container images and filesystems
-
Updated
Nov 4, 2024 - Go
#
spdx
Here are 197 public repositories matching this topic...
🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!
licensing
packages
open-source-licensing
dependency-graph
provenance
dependencies
license
spdx
copyright
sca
spdx-licenses
license-checking
license-scan
copyright-scan
software-composition-analysis
oss-compliance
purl
package-url
sbom
cyclonedx
-
Updated
Nov 4, 2024 - Python
A suite of tools to automate software compliance checks.
package-manager
open-source-licensing
dependency-graph
compliance
dependencies
license
spdx
copyright
hacktoberfest
license-management
sca
license-checking
license-scan
package-scan
copyright-scan
ospo
oss-compliance
sbom
cyclonedx
sbom-generator
-
Updated
Nov 4, 2024 - Kotlin
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
security
static-analysis
vulnerabilities
spdx
software-supply-chain
sca
swid
devsecops
software-composition-analysis
software-bill-of-materials
license-compliance
sbom
cyclonedx
software-supply-chain-security
-
Updated
Oct 11, 2024 - Go
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
python
docker
open-source
tool
containers
compliance
dependencies
spdx
metadata-extraction
risk-management
software-composition-analysis
oss-compliance
sbom
supply-chain-security
-
Updated
Mar 12, 2024 - Python
FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.
oss
compliance
license
spdx
license-management
fossology
spdx-licenses
license-checking
license-scan
compliance-check
compliance-automation
-
Updated
Oct 29, 2024 - PHP
A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
-
Updated
Nov 4, 2024
📜 Cargo plugin to generate list of all licenses for a crate 🦀
-
Updated
Sep 2, 2024 - Rust
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
golang
security
oss
supply-chain
spdx
vulnerability-scanners
security-automation
security-tools
devsecops
supplychain
syft
sbom
gomodule
cyclonedx
epss
-
Updated
Nov 4, 2024 - Go
🎁 wraps all package managers with a unifying CLI
windows
macos
linux
homebrew
ruby-gem
npm
package-manager
steam
yarn
snap
apt
pip
spdx
flatpak
php-composer
mac-app-store
package-url
sbom
cyclonedx
xbar
-
Updated
Nov 3, 2024 - Python
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
security
open-source-licensing
compliance
license
spdx
attestation
devsecops
ospo
oss-compliance
sbom
in-toto
cyclonedx
slsa
supply-chain-security
sbom-distribution
slsa-provenance
metadata-platform
sbom-discovery
regulated-industry
-
Updated
Nov 4, 2024 - Go
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
machine-learning
supply-chain
owasp
specification
standard
bom
software
vex
license
spdx
cpe
swid
bill-of-materials
software-bill-of-materials
sbom
cyclonedx
mbom
saasbom
tc54
cbom
-
Updated
Nov 4, 2024 - XSLT
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
owasp
bom
vex
spdx
hacktoberfest
bill-of-materials
software-bill-of-materials
purl
package-url
sbom
cyclonedx
sbom-generator
obom
mbom
saasbom
-
Updated
Oct 24, 2024 - C#
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
maven
owasp
maven-plugin
bom
vex
spdx
bill-of-materials
software-bill-of-materials
purl
package-url
sbom
cyclonedx
sbom-generator
obom
mbom
saasbom
-
Updated
Nov 2, 2024 - Java
The SPDX specification in MarkDown and HTML formats.
specification
spdx
licenses
bill-of-materials
linux-foundation
software-bill-of-materials
software-package-data-exchange
sbom
spdx-sbom
-
Updated
Oct 28, 2024 - Python
CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments
python
environment
poetry
conda
owasp
python3
pip
bom
spdx
hacktoberfest
requirements
bill-of-materials
software-bill-of-materials
purl
package-url
sbom
cyclonedx
sbom-generator
sbom-tool
-
Updated
Nov 2, 2024 - Python
Reliable project licenses detector.
-
Updated
Jun 9, 2023 - Go
Improve this page
Add a description, image, and links to the spdx topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the spdx topic, visit your repo's landing page and select "manage topics."