sca · GitHub Topics

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Java 3.1 k

1 天前

aboutcode-org / scancode-toolkit

🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nl...

license copyright packages 依赖管理 spdx provenance license-scan licensing spdx-licenses open-source-licensing license-checking software-composition-analysis purl package-url sbom sca cyclonedx dependency-graph

Python 2.3 k

2 天前

pay-rails / pay

Payments for Ruby on Rails apps

subscription stripe pay engine Rails payment-provider braintree sca paddle payments Hacktoberfest

Ruby 2.1 k

2 天前

oss-review-toolkit / ort

A suite of tools to automate software compliance checks.

Package manager 依赖管理 dependency-graph license copyright spdx compliance license-management sbom sbom-generator open-source-licensing ospo cyclonedx sca Hacktoberfest cra dora

Kotlin 1.76 k

1 天前

murphysecurity / murphysec

An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全，具备专业的软件成分分析（SCA）、漏洞检测、专业漏洞库。

安全 scanner dependency vulnerability-detection software-supply-chain sca software-composition-analysis

Go 1.73 k

4 天前

owasp-dep-scan / dep-scan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...

vulnerability-scanners Common Vulnerabilities and Exposures (CVE)dependency-analysis containers sbom sca compliance cyclonedx devsecops 安全 vex supply-chain-security

Python 1.12 k

19 天前

XmirrorSecurity / OpenSCA-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the ...

sca devsecops 安全 sbom software-composition-analysis software-supply-chain software-supply-chain-security static-analysis vulnerabilities cyclonedx spdx

Go 1.08 k

1 个月前

CycloneDX / cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t...

bom sca cyclonedx sbom Docker oci containers owasp package-url purl

JavaScript 708

3 天前

mergebase / log4j-detector

A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instan...

log4j cve-2021-44228 cve-2021-45046 Cybersecurity sca pentest log4shell scanner detector cve-2021-45105 vulnerability-scanner

Java 639

3 年前

awslabs / automated-security-helper

ASH is an extensible, open source SAST, SCA, and IaC security scanner orchestration engine.

Amazon Web Services Infrastructure as code sast sca scanner 安全

Shell 426

5 天前

alipay / ant-application-security-testing-benchmark

xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".

application benchmark evaluation 安全 Testing dast iast sast sca

Java 394

2 个月前

Orange-Cyberdefense / grepmarx

A source code static analysis platform for AppSec enthusiasts.

appsec sast sca 安全

Python 251

4 个月前

stevespringett / nist-data-mirror

A simple Java command-line utility to mirror the CVE JSON data from NIST.

appsec nvd software-security nist Common Vulnerabilities and Exposures (CVE)Java software-composition-analysis sca

Java 207

3 年前

aboutcode-org / scancode.io

ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabas...

sca software-composition-analysis Open Source license Docker virtual-machine cyclonedx package-url purl spdx vulnerabilities

Python 136

2 天前