28 results for “topic:spdx-sbom”
GUAC aggregates software security metadata into a high fidelity graph database.
The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.
A suite of utilities to help with software supply chain challenges on nix targets
Utility that provides an API platform for validating, querying and managing BOM data
The model for the information captured in SPDX version 3 standard.
Software Quality Management Tool
Vulnerability management tool that provides Yocto SBOM generation and CVE Analysis of target images.
A library and CLI to work with CSAF and SBOM data
Vulnerability management tool that provides Buildroot SBOM generation and CVE Analysis of target images.
Vulnerability management tool that provides OpenWRT SBOM generation and CVE Analysis of target images.
Generate your SBOM with CMake.
Yocto layer to integrate VulnScout in projects (SBOM Vulnerability Scanning & Assessment tool)
A lightweight Go library for validating Software Bill of Materials (SBOM) against industry-standard specifications
Detect Licenses, dependencies by scanning your project/repositories to discover the Open Source and Third party packages used in your code.
Open-source SBOM management dashboard for the Japanese market, with NVD/JVN vulnerability correlation, Japanese UI, and METI guidelines compliance
Use SBOM metadata to validate release integrity.
📓 A Python CLI tool to extract a software bill of materials and license info from a vcpkg manifest.
Copyright and License management solutions
Easily convert spdx.json files into human-readable, markdown files.
Command line tool and Python package for interacting with Timesys Vigiles APIs
AI BOM example. A simple sentiment analysis application, published solely as an artifact for the purpose of demonstrating a software bill of materials. Not recommended for any serious text classification task.
Snapshot releases of debian-dev docker images for reproducible build environments.
Python demo of generating an SPDX SBOM of RPM Packages
A simple library and CLI tool to create an aggregated notice for one or more SBOMs (SPDX or CycloneDX).
OSPAC - Open Source Policy as Code
Generate SPDX 2.3 and CycloneDX 1.5 SBOMs for legacy Yocto and PetaLinux projects to meet firmware compliance and security standards.
Two tools, sbomlicense and sbomlicensed, that enrich SBOM files with license information.
Native C++ Dependency Scanner & SBOM Generator