syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems
🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nl...
A suite of tools to automate software compliance checks.
GUAC aggregates software security metadata into a high fidelity graph database.
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the ...
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-...
FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and we...
A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
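The purl entry above names the format without showing its grammar. The following parser is an added example, not code from the package-url project: it follows the parsing order given in the public purl specification (strip the subpath after `#`, the qualifiers after `?`, check the `pkg:` scheme, take the type, split the version off at the last `@`, then split name from namespace at the last `/`, percent-decoding each component only after splitting). Type-specific normalization rules (such as lower-casing `github` names) are deliberately not applied, and the sample purl strings in the demo are constructed for illustration.

```python
"""Minimal package-URL (purl) parser following the spec's parsing order."""
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import unquote


@dataclass
class PackageURL:
    type: str
    name: str
    namespace: Optional[str] = None
    version: Optional[str] = None
    qualifiers: Dict[str, str] = field(default_factory=dict)
    subpath: Optional[str] = None


def parse_purl(purl: str) -> PackageURL:
    """Parse a purl string into its components; raise ValueError if malformed."""
    remainder = purl.strip()

    # 1. Subpath: split once from the right on '#'; drop empty, '.' and '..' segments.
    subpath = None
    if "#" in remainder:
        remainder, raw_subpath = remainder.rsplit("#", 1)
        segments = [unquote(s) for s in raw_subpath.strip("/").split("/")
                    if s and s not in (".", "..")]
        subpath = "/".join(segments) or None

    # 2. Qualifiers: split once from the right on '?'; keys are case-insensitive,
    #    pairs with an empty value are discarded.
    qualifiers: Dict[str, str] = {}
    if "?" in remainder:
        remainder, raw_qualifiers = remainder.rsplit("?", 1)
        for pair in raw_qualifiers.split("&"):
            key, sep, value = pair.partition("=")
            if not sep or not value:
                continue
            qualifiers[key.lower()] = unquote(value)

    # 3. Scheme: the string must start with 'pkg:'.
    scheme, sep, remainder = remainder.partition(":")
    if not sep or scheme.lower() != "pkg":
        raise ValueError(f"purl must start with 'pkg:': {purl!r}")
    remainder = remainder.lstrip("/")

    # 4. Type: everything up to the first '/'; always lower-cased.
    ptype, sep, remainder = remainder.partition("/")
    if not sep or not ptype:
        raise ValueError(f"purl is missing a type or a name: {purl!r}")
    ptype = ptype.lower()

    # 5. Version: split once from the right on '@' before decoding, so a
    #    percent-encoded '@' in a namespace (e.g. %40angular) is not mistaken for it.
    version = None
    if "@" in remainder:
        remainder, raw_version = remainder.rsplit("@", 1)
        version = unquote(raw_version)

    # 6. Name is the last '/'-separated segment; the rest is the namespace.
    namespace = None
    if "/" in remainder:
        raw_namespace, raw_name = remainder.rsplit("/", 1)
        ns_segments = [unquote(s) for s in raw_namespace.split("/") if s]
        namespace = "/".join(ns_segments) or None
    else:
        raw_name = remainder
    name = unquote(raw_name)
    if not name:
        raise ValueError(f"purl is missing a name: {purl!r}")

    return PackageURL(ptype, name, namespace, version, qualifiers, subpath)


def is_valid_purl(purl: str) -> bool:
    """True if the string parses as a purl, False otherwise."""
    try:
        parse_purl(purl)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs for illustration.
    for sample in (
        "pkg:npm/%40angular/animation@12.3.1",
        "pkg:golang/github.com/gorilla/mux@v1.8.0",
        "pkg:maven/org.apache.xmlgraphics/batik-anim@1.9.1"
        "?packaging=sources&repository_url=repo.spring.io%2Frelease#src/main",
    ):
        print(parse_purl(sample))
```

Splitting before decoding is the point that matters for SBOM consumers: a scoped npm package like `@angular/animation` is written as `%40angular/animation` in a purl precisely so that the `@` cannot be confused with the version separator, and a parser that decodes first will report the wrong version and namespace.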
📜 Cargo plugin to generate list of all licenses for a crate 🦀
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
Various data formats for the SPDX License List including RDFa, HTML, Text, and JSON
🎁 wraps all package managers with a unifying CLI
reuse is a tool for compliance with the REUSE recommendations.
Evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and V...
A utility to generate SPDX-compliant Bill of Materials manifests
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments