sbom · GitHub Topics

anchore / syft

syft 是一个 CLI 工具和 Go 库，用于从容器镜像和文件系统生成软件物料清单（SBOM）

containers Docker Go static-analysis 工具 oci sbom spdx cyclonedx Hacktoberfest

Go 6.7 k

3 小时前

RetireJS / retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

vulnerabilities scanner Firefox 插件 JavaScript Chrome 插件 build-tool 安全 software-composition-analysis sbom sbom-generator

JavaScript 3.78 k

7 天前

DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Java 2.92 k

2 天前

e-m-b-a / emba

EMBA - The firmware security analyzer

翻译 - emba-一种用于基于Linux的嵌入式设备固件的分析器。

firmware Linux embedded-linux 安全 pentesting Hacking Internet of things penetration-testing embedded-systems vulnerability-scanners firmware-tools firmware-analysis static-analyzer 逆向工程 binary-analysis vulnerability-scanner Cybersecurity 人工智能 sbom

Shell 2.89 k

2 天前

aboutcode-org / scancode-toolkit

🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nl...

翻译 - ：mag_right：ScanCode通过扫描代码来检测许可证，版权，软件包清单和依赖项等，以发现并清点代码中使用的开源和第三方软件包。

license copyright packages 依赖管理 spdx provenance license-scan licensing open-source-licensing license-checking software-composition-analysis purl package-url sbom sca cyclonedx dependency-graph

Python 2.23 k

1 天前

microsoft / sbom-tool

The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.

sbom sbom-generator

C# 1.73 k

6 小时前

oss-review-toolkit / ort

A suite of tools to automate software compliance checks.

Package manager 依赖管理 dependency-graph license copyright spdx compliance license-management sbom sbom-generator open-source-licensing ospo cyclonedx sca Hacktoberfest cra dora

Kotlin 1.69 k

14 小时前

zarf-dev / zarf

DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/

Kubernetes airgap cloud-native helm government dod k3s kustomize oci cosign Docker docker-registry GitOps sbom

Go 1.5 k

5 天前

HummerRisk / HummerRisk

HummerRisk 是云原生安全平台，包括混合云安全治理和云原生安全检测。

cloud-custodian cloud-native prowler 安全 sbom cloud-native-security cspm kubernetes-security trivy compliance vulnerability

Java 1.49 k

3 个月前

lunasec-io / lunasec

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTra...

翻译 - LunaSec - 安全性和合规性 SDK，可阻止软件中的数据泄漏。只需几行代码，LunaSec 就在您的堆栈中添加了零信任架构、独特的每记录加密以及针对 XSS、SQL 注入和 RCE 等常见安全问题的保护。在这里现场试用：https://app.lunasec.dev

tokenization web-security compliance 安全 soc2 pci-dss gdpr zero-trust devsecops log4shell dependency-analysis scanning Cybersecurity scanning-tool cve-scanning sbom sbom-generator Continuous Delivery (CD)software-composition-analysis

TypeScript 1.45 k

10 个月前

openclarity / openclarity

OpenClarity is an open source tool built to enhance security and observability of cloud native applications and infrastructure

cloud Exploit Kubernetes leaked-secrets Malware sbom scanner 安全 virtual-machine vulnerabilities

Go 1.38 k

10 天前

intel / cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...

Common Vulnerabilities and Exposures (CVE)安全 Hacktoberfest vulnerabilities cvss swrepo devsecops security-automation Python sbom vulnerability

Python 1.34 k

5 天前

guacsec / guac

GUAC aggregates software security metadata into a high fidelity graph database.

安全 software-supply-chain software-supply-chain-security supply-chain-security attestations graph sbom cyclonedx spdx vex vulnerability vulnerability-management

Go 1.34 k

1 天前

owasp-dep-scan / dep-scan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...

vulnerability-scanners Common Vulnerabilities and Exposures (CVE)dependency-analysis containers sbom sca compliance cyclonedx devsecops 安全 vex supply-chain-security

Python 1.07 k

13 小时前

XmirrorSecurity / OpenSCA-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the ...

翻译 - OpenSCA 是一种软件组合分析 (SCA) 解决方案，支持检测开源组件依赖项和漏洞。

sca devsecops 安全 sbom software-composition-analysis software-supply-chain software-supply-chain-security static-analysis vulnerabilities cyclonedx spdx

Go 1.05 k

1 个月前

tern-tools / tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-...

Python containers sbom Docker compliance spdx 工具依赖管理 software-composition-analysis risk-management Open Source supply-chain-security

Python 977

1 年前

package-url / purl-spec

A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby

purl package-url package url cyclonedx 依赖管理 package-management sbom spdx

737

2 天前

bitbomdev / minefield

#大语言模型#Graphing SBOM's Fast.

graph sbom supply-chain-security airgap 人工智能大语言模型

Go 717

2 天前

rust-secure-code / cargo-auditable

Make production Rust binaries auditable

cargo-plugin cargo-subcommand Rust sbom 安全 security-automation

Rust 703

1 个月前

CycloneDX / cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t...

bom sca cyclonedx sbom Docker oci containers owasp package-url purl

JavaScript 645

2 天前