Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nl...
翻译 - :mag_right:ScanCode通过扫描代码来检测许可证,版权,软件包清单和依赖项等,以发现并清点代码中使用的开源和第三方软件包。
Payments for Ruby on Rails apps
翻译 - Ruby on Rails的订阅引擎。
An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全,具备专业的软件成分分析(SCA)、漏洞检测、专业漏洞库。
A suite of tools to automate software compliance checks.
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the ...
翻译 - OpenSCA 是一种软件组合分析 (SCA) 解决方案,支持检测开源组件依赖项和漏洞。
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t...
A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instan...
翻译 - 在任何应用程序的文件系统上检测易受攻击的 log4j 版本。它甚至能够找到隐藏在几层深处的实例。适用于 Linux、Windows 和 Mac,也适用于 Java 运行的其他任何地方!
xAST评价体系,让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".
A source code static analysis platform for AppSec enthusiasts.
A simple Java command-line utility to mirror the CVE JSON data from NIST.
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabas...
prancer platform is an IaC Security engine + Continuous Compliance for your cloud (Azure, AWS, GCP) and Kubernetes environment
Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers.
A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools, and tutorials.
Python Elliptic Curve Side-Channel Analysis toolkit.