software-bill-of-materials

There are 6 repositories under software-bill-of-materials topic.

XmirrorSecurity / OpenSCA-cli
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
sca devsecops security sbom software-bill-of-materials software-composition-analysis software-supply-chain software-supply-chain-security static-analysis vulnerabilities license-compliance cyclonedx spdx swid
Language:Go 1037
CycloneDX / cdxgen
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962
bom cbom containers cyclonedx docker oci owasp package-url purl saasbom sbom sca software-bill-of-materials supply-chain
Language:JavaScript 504
awesomeSBOM / awesome-sbom
A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
awesome awesome-repos awesome-sbom sbom sbom-examples sbom-generator software-bill-of-materials
449
microsoft / component-detection
Scans your project to determine what components you use
dependencies package-management sbom software-bill-of-materials software-composition-analysis static-analysis
Language:C# 398
specification
CycloneDX / specification
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
bill-of-materials bom software spdx cpe license software-bill-of-materials sbom cyclonedx swid owasp supply-chain standard specification saasbom vex mbom machine-learning cbom tc54
Language:XSLT 345
cyclonedx-maven-plugin
CycloneDX / cyclonedx-maven-plugin
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
bill-of-materials bom cyclonedx maven maven-plugin mbom obom owasp package-url purl saasbom sbom sbom-generator software-bill-of-materials spdx vex
Language:Java 283
cyclonedx-cli
CycloneDX / cyclonedx-cli
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
bill-of-materials bom cyclonedx hacktoberfest mbom obom owasp package-url purl saasbom sbom sbom-generator software-bill-of-materials spdx vex
Language:C# 281
cyclonedx-python
CycloneDX / cyclonedx-python
CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments
bill-of-materials bom conda cyclonedx environment owasp package-url pip poetry purl python python3 requirements sbom sbom-generator sbom-tool software-bill-of-materials spdx
Language:Python 228
cyclonedx-dotnet
CycloneDX / cyclonedx-dotnet
Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects
bill-of-materials bom cyclonedx dotnet dotnet-core hacktoberfest mbom obom owasp package-url purl saasbom sbom sbom-generator software-bill-of-materials spdx vex
Language:C# 169
bom-examples
CycloneDX / bom-examples
A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)
cyclonedx software-bill-of-materials sbom bom bill-of-materials owasp sbom-examples obom mbom vex saasbom
162
cyclonedx-gradle-plugin
CycloneDX / cyclonedx-gradle-plugin
Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
bill-of-materials bom cyclonedx gradle gradle-plugin owasp package-url purl sbom sbom-generator software-bill-of-materials spdx
Language:Java 147
cyclonedx-gomod
CycloneDX / cyclonedx-gomod
Creates CycloneDX Software Bill of Materials (SBOM) from Go modules
bill-of-materials bom go-modules golang mbom obom owasp saasbom sbom sbom-generator software-bill-of-materials vex
Language:Go 128
cyclonedx-node-module
CycloneDX / cyclonedx-node-module
creates CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects
bom cyclonedx dependency-graph meta-package metapackage node nodejs sbom sbom-generator sbom-tool software-bill-of-materials
121
tiiuae / sbomnix
A suite of utilities to help with software supply chain challenges on nix targets
cyclonedx nix sbom sbom-generator sbom-tool python bill-of-materials cpe dependencies purl software-bill-of-materials security spdx-sbom static-analysis vulnerability-scanners software-supply-chain software-supply-chain-security
Language:Python 109
CycloneDX / sbom-utility
Utility that provides an API platform for validating, querying and managing BOM data
bill-of-materials bom cyclonedx hacktoberfest mbom obom owasp package-url purl saasbom sbom sbom-quality sbom-tool software-bill-of-materials spdx spdx-license spdx-sbom vdr vex
Language:Go 83
cyclonedx-rust-cargo
CycloneDX / cyclonedx-rust-cargo
Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects
bill-of-materials bom cargo cargo-plugin cyclonedx mbom obom owasp package-url purl rust saasbom sbom sbom-generator software-bill-of-materials spdx vex
Language:Rust 79
intelops / compage
Compage - Low-Code Framework to develop Rest API, gRPC, dRPC, GraphQL, WebAssembly, microservices, FaaS, Temporal workloads, IoT and edge services, K8s controllers, K8s CRDs, K8s custom APIs, K8s Operators, K8s hooks, etc. with minimal coding and by automatically applying best practice methods like software supply chain security measures, SBOM, openAPI, cloudevents, etc. Auto generate code after defining requirements in UI as diagram.
backend-services code-generation containerization containers graphql grpc low-code microservices sbom-generator software-bill-of-materials software-supply-chain-security webassembly rest-api golang rust serverless cosign visual-applications no-code hacktoberfest
Language:Go 79
cyclonedx-core-java
CycloneDX / cyclonedx-core-java
CycloneDX SBOM Model and Utils for Creating and Validating BOMs
bom spdx bill-of-materials software-bill-of-materials package-url purl sbom cyclonedx owasp obom mbom saasbom vex library
Language:Java 76
cyclonedx-bom-repo-server
CycloneDX / cyclonedx-bom-repo-server
A BOM repository server for distributing CycloneDX BOMs
bill-of-materials bom cyclonedx mbom obom owasp saasbom sbom sbom-distribution sbom-repository software-bill-of-materials vex
Language:C# 72
cyclonedx-go
CycloneDX / cyclonedx-go
Go library to consume and produce CycloneDX Software Bill of Materials (SBOM)
bom bill-of-materials sbom software-bill-of-materials golang owasp obom mbom saasbom vex library
Language:Go 69
cyclonedx-node-npm
CycloneDX / cyclonedx-node-npm
Create CycloneDX Software Bill of Materials (SBOM) from Node.js NPM projects.
bill-of-materials bom cyclonedx dependency-graph node nodejs npm owasp sbom sbom-generator sbom-tool software-bill-of-materials
Language:TypeScript 67
cyclonedx-python-lib
CycloneDX / cyclonedx-python-lib
Python implementation of OWASP CycloneDX
python owasp bom spdx bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx obom mbom saasbom vex software-library attestation cbom library
Language:Python 61
opossum-tool / OpossumUI
A light-weight app to audit and inventory large codebases for open source license compliance.
spdx package-dependency remediation license-scan copyright-scan software-composition-analysis codescan oss-compliance software-bill-of-materials
Language:TypeScript 57
nikstur / bombon
Nix CycloneDX Software Bills of Materials (SBOMs)
cyclonedx nix nixos sbom bill-of-materials bom software-bill-of-materials license sbom-generator components dependencies purl spdx
Language:Rust 56
goreleaser / goreleaser-example-supply-chain
Example goreleaser + github actions config with keyless signing and SBOM generation
goreleaser golang go supply-chain cosign signing sigstore software-bill-of-materials sbom syft
Language:Go 55
cyclonedx-php-composer
CycloneDX / cyclonedx-php-composer
Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects
bill-of-materials bom composer composer-plugin cyclonedx dependency-graph owasp package-url php purl sbom sbom-generator sbom-tool software-bill-of-materials spdx
Language:PHP 47
cyclonedx-linux-generator
CycloneDX / cyclonedx-linux-generator
Lockheed Martin developed utility to generate CycloneDX SBOMs for Linux distributions
bom bill-of-materials software-bill-of-materials sbom cyclonedx linux owasp sbom-generator
Language:Java 38
transparency-exchange-api
CycloneDX / transparency-exchange-api
A standard API specification for exchanging supply chain artifacts and intelligence
api-spec bill-of-materials bom cyclonedx owasp sbom sbom-distribution software-bill-of-materials specification tc54
35
cyclonedx-web-tool
CycloneDX / cyclonedx-web-tool
A web based tool for working with CycloneDX BOMs
bom bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx owasp obom mbom saasbom vex
Language:HTML 27
cyclonedx-webpack-plugin
CycloneDX / cyclonedx-webpack-plugin
Generate CycloneDX Software Bill of Materials (SBOM) from webpack bundles at compile time.
bom spdx bill-of-materials software-bill-of-materials package-url purl sbom cyclonedx webpack-plugin webpack owasp sbom-generator mbom javascript sbom-tool
Language:JavaScript 24
gh-node-module-generatebom
CycloneDX / gh-node-module-generatebom
GitHub action to generate a CycloneDX SBOM for Node.js
bill-of-materials bom cyclonedx gh-action github-action node nodejs owasp sbom sbom-generator software-bill-of-materials
Language:JavaScript 20
cloudlinux / securechain-java
TuxCare SecureChain enhances Java supply chain security through vetted libraries, vulnerability fixes, and extended support. Ideal for enterprise-level compliance and secure development.
compliance-management dependency-management enterprise-security java-security open-source-security sbom software-bill-of-materials supply-chain-security vulnerability-assessment enterprise-security-compliance java-dependency-management java-libraries-vetting java-supply-chain-security oss-vulnerability-remediation
19
cyclonedx-cocoapods
CycloneDX / cyclonedx-cocoapods
Creates CycloneDX Software Bill-of-Materials (SBOM) from Objective-C and Swift projects that use CocoaPods.
bom objective-c swift cocoapods bill-of-materials software-bill-of-materials sbom cyclonedx owasp sbom-generator obom mbom saasbom vex
Language:Ruby 19
cyclonedx-ruby-gem
CycloneDX / cyclonedx-ruby-gem
Creates CycloneDX Software Bill of Materials (SBOM) from Ruby projects
bom spdx ruby gem bundler bill-of-materials software-bill-of-materials package-url purl sbom cyclonedx owasp sbom-generator obom mbom saasbom vex
Language:Ruby 19
sbom-comparator
CycloneDX / sbom-comparator
Lockheed Martin developed utility to compare two CycloneDX SBOMs
bom bill-of-materials software-bill-of-materials sbom cyclonedx owasp
Language:Java 18
CMS-Enterprise / sbom-harbor
Repository for the SBOM Harbor.
sbom software-bill-of-materials software-supply-chain software-supply-chain-security
Language:Rust 17

software-bill-of-materials

XmirrorSecurity / OpenSCA-cli

CycloneDX / cdxgen

awesomeSBOM / awesome-sbom

microsoft / component-detection

CycloneDX / specification

CycloneDX / cyclonedx-maven-plugin

CycloneDX / cyclonedx-cli

CycloneDX / cyclonedx-python

CycloneDX / cyclonedx-dotnet

CycloneDX / bom-examples

CycloneDX / cyclonedx-gradle-plugin

CycloneDX / cyclonedx-gomod

CycloneDX / cyclonedx-node-module

tiiuae / sbomnix

CycloneDX / sbom-utility

CycloneDX / cyclonedx-rust-cargo

intelops / compage

CycloneDX / cyclonedx-core-java

CycloneDX / cyclonedx-bom-repo-server

CycloneDX / cyclonedx-go

CycloneDX / cyclonedx-node-npm

CycloneDX / cyclonedx-python-lib

opossum-tool / OpossumUI

nikstur / bombon

goreleaser / goreleaser-example-supply-chain

CycloneDX / cyclonedx-php-composer

CycloneDX / cyclonedx-linux-generator

CycloneDX / transparency-exchange-api

CycloneDX / cyclonedx-web-tool

CycloneDX / cyclonedx-webpack-plugin

CycloneDX / gh-node-module-generatebom

cloudlinux / securechain-java

CycloneDX / cyclonedx-cocoapods

CycloneDX / cyclonedx-ruby-gem

CycloneDX / sbom-comparator

CMS-Enterprise / sbom-harbor