sbom · GitHub Topics

anchore / syft

syft 是一个 CLI 工具和 Go 库，用于从容器镜像和文件系统生成软件物料清单（SBOM）

containers Docker Go static-analysis 工具 oci sbom spdx cyclonedx Hacktoberfest

Go 7.2 k

2 天前

RetireJS / retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

vulnerabilities scanner Firefox 插件 JavaScript Chrome 插件 build-tool 安全 software-composition-analysis sbom sbom-generator

JavaScript 3.86 k

10 天前

DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Java 3.1 k

1 天前

e-m-b-a / emba

EMBA - The firmware security analyzer

firmware Linux embedded-linux 安全 pentesting Hacking Internet of things penetration-testing embedded-systems vulnerability-scanners firmware-tools firmware-analysis static-analyzer 逆向工程 binary-analysis vulnerability-scanner Cybersecurity 人工智能 sbom

Shell 3 k

4 天前

aboutcode-org / scancode-toolkit

🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nl...

license copyright packages 依赖管理 spdx provenance license-scan licensing spdx-licenses open-source-licensing license-checking software-composition-analysis purl package-url sbom sca cyclonedx dependency-graph

Python 2.3 k

2 天前

microsoft / sbom-tool

The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.

sbom sbom-generator

C# 1.81 k

6 天前

oss-review-toolkit / ort

A suite of tools to automate software compliance checks.

Package manager 依赖管理 dependency-graph license copyright spdx compliance license-management sbom sbom-generator open-source-licensing ospo cyclonedx sca Hacktoberfest cra dora

Kotlin 1.76 k

1 天前

zarf-dev / zarf

DevSecOps for Airgap & Limited-Connection Systems. https://zarf.dev/

Kubernetes airgap cloud-native helm government dod k3s kustomize oci cosign Docker docker-registry GitOps sbom

Go 1.58 k

3 天前

HummerRisk / HummerRisk

HummerRisk 是云原生安全平台，包括混合云安全治理和云原生安全检测。

cloud-custodian cloud-native prowler 安全 sbom cloud-native-security cspm kubernetes-security trivy compliance vulnerability

Java 1.49 k

6 个月前

lunasec-io / lunasec

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTra...

tokenization web-security compliance 安全 soc2 pci-dss gdpr zero-trust devsecops log4shell dependency-analysis scanning Cybersecurity scanning-tool cve-scanning sbom sbom-generator Continuous Delivery (CD)software-composition-analysis

TypeScript 1.45 k

1 年前

intel / cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...

Common Vulnerabilities and Exposures (CVE)安全 Hacktoberfest vulnerabilities cvss swrepo devsecops security-automation Python sbom vulnerability

Python 1.44 k

5 天前

openclarity / openclarity

OpenClarity is an open source platform built to enhance security and observability of cloud native applications and infrastructure

cloud Exploit Kubernetes leaked-secrets Malware sbom scanner 安全 virtual-machine vulnerabilities

Go 1.41 k

7 天前

guacsec / guac

GUAC aggregates software security metadata into a high fidelity graph database.

安全 software-supply-chain software-supply-chain-security supply-chain-security attestations graph sbom cyclonedx spdx vex vulnerability vulnerability-management

Go 1.37 k

4 天前

owasp-dep-scan / dep-scan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...

vulnerability-scanners Common Vulnerabilities and Exposures (CVE)dependency-analysis containers sbom sca compliance cyclonedx devsecops 安全 vex supply-chain-security

Python 1.12 k

19 天前

XmirrorSecurity / OpenSCA-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the ...

sca devsecops 安全 sbom software-composition-analysis software-supply-chain software-supply-chain-security static-analysis vulnerabilities cyclonedx spdx

Go 1.08 k

1 个月前

tern-tools / tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-...

Python containers sbom Docker compliance spdx 工具依赖管理 software-composition-analysis risk-management Open Source supply-chain-security

Python 989

1 年前

package-url / purl-spec

A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby

purl package-url package url cyclonedx 依赖管理 package-management sbom spdx

786

5 天前

rust-secure-code / cargo-auditable

Make production Rust binaries auditable

cargo-plugin cargo-subcommand Rust sbom 安全 security-automation

Rust 736

20 天前

bitbomdev / minefield

#大语言模型#Graphing SBOM's Fast.

graph sbom supply-chain-security airgap 人工智能大语言模型

Go 721

10 天前

CycloneDX / cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t...

bom sca cyclonedx sbom Docker oci containers owasp package-url purl

JavaScript 708

3 天前