#Spdx
Showing 14 of 14 repositories tagged #spdx, ranked by stars
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
GUAC aggregates software security metadata into a high fidelity graph database.
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server
๐ Cargo plugin to generate list of all licenses for a crate ๐ฆ
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
๐ wraps all package managers with a unifying CLI
SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
A utility to generate SPDX-compliant Bill of Materials manifests
CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments
Semantic SBOM/CBOM diff, quality scoring, and TUI analysis tool for CycloneDX/SPDX โ covering component changes, dependency shifts, license conflicts, vulnerabilities, cryptographic inventory grading, and PQC compliance (CNSA 2.0, NIST IR 8547).
CLI tool for generating Licenses. Easily.