#Software-composition-analysis

Showing 10 of 10 repositories tagged #software-composition-analysis, ranked by stars

dependency-check
dependency-check
DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Score
100
★ 7.6k ⑂ 1.4k +9/day
Java
RetireJS
RetireJS
retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

Score
67
★ 4.2k ⑂ 439 +2/day
JavaScript
DependencyTrack
DependencyTrack
dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Score
83
★ 4.0k ⑂ 775 +6/day
Java
murphysecurity
murphysecurity
murphysec

An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全,具备专业的软件成分分析(SCA)、漏洞检测、专业漏洞库。

Score
50
★ 1.7k ⑂ 179 +1/day
Go
lunasec-io
lunasec-io
lunasec

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Score
0
★ 1.5k ⑂ 167
TypeScript
XmirrorSecurity
XmirrorSecurity
OpenSCA-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

Score
17
★ 1.1k ⑂ 134
Go
safedep
safedep
vet

Protect against malicious open source packages 🤖

Score
33
★ 1.1k ⑂ 103 +5/day
Go
tern-tools
tern-tools
tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

Score
100
★ 1.0k ⑂ 187
Python
albuch
albuch
sbt-dependency-check

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:

Score
50
★ 266 ⑂ 48
Scala
meta-fun
meta-fun
awesome-software-supply-chain-security

Sharing software supply chain security open source projects

Score
0
★ 54 ⑂ 5
Related Topics
#security#sbom#devsecops#vulnerability-detection#vulnerabilities#sca#software-supply-chain#supply-chain-security#build-tool#security-audit#sbom-generator#scanner

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly