VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities
Updated Jun 12, 2024 - Go
Sample Go application project with supply chain security workflows that conform to the SLSA Build Level 3 specification
This repository contains a SonarQube plugin that detects cryptographic assets in source code and generates a CBOM.
Your Comprehensive Vulnerability Management Tool
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
A suite of tools to automate software compliance checks.
Python implementation of OWASP CycloneDX
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
A CLI tool for generating a Software Bill of Materials (SBOM) from Yocto Project.
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
GitHub app for SBOM creation using cdxgen and upload to Dependency-Track
Nix CycloneDX Software Bills of Materials (SBOMs)
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/
Conventions provide a mechanism for platform operators to define cross-cutting behavior that is applied to Kubernetes resources by understanding the developer's intent and the semantics of the resources being advised.
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks or check conformance to frameworks, such as SLSA.
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
Manage SBOM and VEX like source code