#Spdx

Showing 14 of 14 repositories tagged #spdx, ranked by stars

anchore
anchore
syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

Score
100
โ˜… 9.2k โ‘‚ 884 +6/day
Go
guacsec
guacsec
guac

GUAC aggregates software security metadata into a high fidelity graph database.

Score
100
โ˜… 1.5k โ‘‚ 205 โ€”
Go
XmirrorSecurity
XmirrorSecurity
OpenSCA-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

Score
50
โ˜… 1.1k โ‘‚ 134 โ€”
Go
tern-tools
tern-tools
tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

Score
0
โ˜… 1.0k โ‘‚ 187 โ€”
Python
cdxgen
cdxgen
cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server

Score
100
โ˜… 1.0k โ‘‚ 254 +5/day
JavaScript
EmbarkStudios
EmbarkStudios
cargo-about

๐Ÿ“œ Cargo plugin to generate list of all licenses for a crate ๐Ÿฆ€

Score
100
โ˜… 752 โ‘‚ 43 +6/day
Rust
devops-kung-fu
devops-kung-fu
bomber

Scans Software Bill of Materials (SBOMs) for security vulnerabilities

Score
0
โ˜… 622 โ‘‚ 55 +2/day
Go
kdeldycke
kdeldycke
meta-package-manager

๐ŸŽ wraps all package managers with a unifying CLI

Score
100
โ˜… 602 โ‘‚ 49 +3/day
Python
chainloop-dev
chainloop-dev
chainloop

SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more

Score
0
โ˜… 568 โ‘‚ 53 โ€”
Go
CycloneDX
CycloneDX
specification

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX

Score
0
โ˜… 521 โ‘‚ 88 โ€”
XSLT
kubernetes-sigs
kubernetes-sigs
bom

A utility to generate SPDX-compliant Bill of Materials manifests

Score
50
โ˜… 461 โ‘‚ 65 +1/day
Go
CycloneDX
CycloneDX
cyclonedx-python

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

Score
0
โ˜… 386 โ‘‚ 95 +2/day
Python
sbom-tool
sbom-tool
sbom-tools

Semantic SBOM/CBOM diff, quality scoring, and TUI analysis tool for CycloneDX/SPDX โ€” covering component changes, dependency shifts, license conflicts, vulnerabilities, cryptographic inventory grading, and PQC compliance (CNSA 2.0, NIST IR 8547).

Score
0
โ˜… 231 โ‘‚ 13 โ€”
Rust
cezaraugusto
cezaraugusto
mklicense

CLI tool for generating Licenses. Easily.

Score
0
โ˜… 204 โ‘‚ 8 +1/day
TypeScript
Related Topics
#sbom#cyclonedx#security#supply-chain#software-bill-of-materials#bom#containers#docker#golang#software-supply-chain-security#supply-chain-security

ยฉ 2026 GitRepoTrend ยท GitHub repositories by topic ยท Updated weekly