#

sbom

Here are 269 public repositories matching this topic...

openclarity / vmclarity

VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities

security cloud malware exploits vulnerabilities vulnerability-scanners rootkits agentless leaked-secrets sbom secrets-detection misconfigurations

Updated Jun 12, 2024
Go

janfuhrer / podsalsa

Sample Go application project with supply chain security workflows conforms to the SLSA Build Level 3 specification

provenance ko goreleaser sbom slsa supply-chain-security cosign

Updated Jun 12, 2024
Go

IBM / sonar-cryptography

This repository contains a SonarQube Plugin that detects cryptographic assets in source code and generates CBOM.

cryptography sonarqube sonar post-quantum-cryptography quantum-safe post-quantum sbom sbom-tool crypto-scanner cbom cryptographic-inventory cbom-tool

Updated Jun 12, 2024
Java

trivialsec / triage-by-trivial-security

Your Comprehensive Vulnerability Management Tool

vex vulnerability-management sarif oscal sbom cyclonedx slsa software-transparency

Updated Jun 12, 2024
Vue

chainloop-dev / chainloop

Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

security open-source-licensing compliance license spdx attestation devsecops ospo oss-compliance sbom in-toto cyclonedx slsa supply-chain-security sbom-distribution slsa-provenance metadata-platform sbom-discovery regulated-industry

Updated Jun 12, 2024
Go

ort

oss-review-toolkit / ort

A suite of tools to automate software compliance checks.

Updated Jun 12, 2024
Kotlin

cyclonedx-python-lib

CycloneDX / cyclonedx-python-lib

Python implementation of OWASP CycloneDX

python library owasp bom vex spdx attestation bill-of-materials software-bill-of-materials purl package-url sbom software-library cyclonedx obom mbom saasbom cbom

Updated Jun 12, 2024
Python

dependency-track

DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Updated Jun 12, 2024
Java

wfrisch / idlib

Identify embedded C and C++ libraries

git indexer code-duplication sbom

Updated Jun 12, 2024
Python

Wind-River / meta-wr-sbom

A CLI tool for generating a Software Bill of Materials (SBOM) from Yocto Project.

tool static-analysis yocto spdx sbom

Updated Jun 12, 2024
Roff

kubernetes-sigs / tejolote

A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.

provenance attestation sbom slsa sigstore

Updated Jun 12, 2024
Go

technolinator

MediaMarktSaturn / technolinator

GitHub app for SBOM creation using cdxgen and upload to Dependency-Track

github-app sbom quarkus cyclonedx dependency-track quarkus-maven cdxgen

Updated Jun 12, 2024
Java

nikstur / bombon

Nix CycloneDX Software Bills of Materials (SBOMs)

components nix nixos bom dependencies license spdx bill-of-materials software-bill-of-materials purl sbom cyclonedx sbom-generator

Updated Jun 11, 2024
Rust

intel / cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

python security vulnerability vulnerabilities cve hacktoberfest cvss security-automation security-tools devsecops system-tools sbom swrepo sbom-tool

Updated Jun 11, 2024
Python

zarf

defenseunicorns / zarf

DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/

government docker kubernetes helm docker-registry oci k8s cloud-native dod airgap gitops kustomize sbom k3s cosign

Updated Jun 12, 2024
Go

vmware-tanzu / cartographer-conventions

Conventions provide a mechanism for platform operators to define cross cutting behavior that is applied to Kubernetes resources by understanding the developers intent and the semantics of the resources being advised.

conventions intent opinions cartographer sbom

Updated Jun 11, 2024
Go

oracle / macaron

Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks or check conformance to frameworks, such as SLSA.

build-system cicd integrity-protection malware-detection sbom slsa supply-chain-security

Updated Jun 12, 2024
Python

CycloneDX / cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962

docker containers supply-chain owasp bom oci sca software-bill-of-materials purl package-url sbom cyclonedx saasbom cbom

Updated Jun 12, 2024
JavaScript

cyclonedx-maven-plugin

CycloneDX / cyclonedx-maven-plugin

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

maven owasp maven-plugin bom vex spdx bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx sbom-generator obom mbom saasbom

Updated Jun 12, 2024
Java

productaize / bogrod

Manage SBOM and VEX like source code

security vex vulnerabilities release-notes release-automation sbom cyclonedx

Updated Jun 11, 2024
Python

Improve this page

Add a description, image, and links to the sbom topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the sbom topic, visit your repo's landing page and select "manage topics."