#Cyclonedx
Showing 16 of 16 repositories tagged #cyclonedx, ranked by stars
A vulnerability scanner for container images and filesystems
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
GUAC aggregates software security metadata into a high fidelity graph database.
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
๐ wraps all package managers with a unifying CLI
SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments
Semantic SBOM/CBOM diff, quality scoring, and TUI analysis tool for CycloneDX/SPDX โ covering component changes, dependency shifts, license conflicts, vulnerabilities, cryptographic inventory grading, and PQC compliance (CNSA 2.0, NIST IR 8547).
ReARM - Release Governance Platform for the Agentic Era
Generate CycloneDX SBOMs for Delphi projects โ EU Cyber Resilience Act compliance in one click
Find and govern AI attack surfaces in application code at PR time. Free, OSS, runs offline.
Pure-Rust Android decompiler and security-audit suite. DEX โ Java, Hermes โ JavaScript. Cross-layer taint across the React Native bridge. CycloneDX SBOM + OpenVEX. CLI and MCP. Bytecode is not a security layer.