252 skills found · Page 1 of 9
anchore / Syft: CLI tool and library for generating a Software Bill of Materials from container images and filesystems
aboutcode-org / Scancode Toolkit: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
microsoft / Sbom Tool: The SBOM tool is a highly scalable and enterprise-ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
oss-review-toolkit / Ort: A suite of tools to automate software compliance checks.
guacsec / Guac: GUAC aggregates software security metadata into a high-fidelity graph database.
composer / Spdx Licenses: Tools for working with the SPDX license list and validating licenses.
XmirrorSecurity / OpenSCA Cli: OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
tern-tools / Tern: Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
package-url / Purl Spec: A minimal specification for purl, aka a package "mostly universal" URL; join the discussion at https://gitter.im/package-url/Lobby
fossology / Fossology: FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web UI are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.
EmbarkStudios / Cargo About: 📜 Cargo plugin to generate a list of all licenses for a crate 🦀
spdx / License List Data: Various data formats for the SPDX License List including RDFa, HTML, Text, and JSON
devops-kung-fu / Bomber: Scans Software Bill of Materials (SBOMs) for security vulnerabilities
fsfe / Reuse Tool: This is a mirror of https://codeberg.org/fsfe/reuse-tool
kdeldycke / Meta Package Manager: 🎁 wraps all package managers with a unifying CLI
chainloop-dev / Chainloop: SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
CycloneDX / Specification: OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
CycloneDX / Cyclonedx Cli: CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
spdx / License List XML: Source XML and test text files for the SPDX License List
kubernetes-sigs / Bom: A utility to generate SPDX-compliant Bill of Materials manifests