There are 6 repositories under software-bill-of-materials topic.
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962
A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
Scans your project to determine what components you use
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments
Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects
A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)
Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
Creates CycloneDX Software Bill of Materials (SBOM) from Go modules
creates CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects
Utility that provides an API platform for validating, querying and managing BOM data
Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects
Compage - Low-Code Framework to develop Rest API, gRPC, dRPC, GraphQL, WebAssembly, microservices, FaaS, Temporal workloads, IoT and edge services, K8s controllers, K8s CRDs, K8s custom APIs, K8s Operators, K8s hooks, etc. with minimal coding and by automatically applying best practice methods like software supply chain security measures, SBOM, openAPI, cloudevents, etc. Auto generate code after defining requirements in UI as diagram.
CycloneDX SBOM Model and Utils for Creating and Validating BOMs
A BOM repository server for distributing CycloneDX BOMs
Go library to consume and produce CycloneDX Software Bill of Materials (SBOM)
Create CycloneDX Software Bill of Materials (SBOM) from Node.js NPM projects.
Python implementation of OWASP CycloneDX
A light-weight app to audit and inventory large codebases for open source license compliance.
Example goreleaser + github actions config with keyless signing and SBOM generation
Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects
Lockheed Martin developed utility to generate CycloneDX SBOMs for Linux distributions
A standard API specification for exchanging supply chain artifacts and intelligence
A web based tool for working with CycloneDX BOMs
Generate CycloneDX Software Bill of Materials (SBOM) from webpack bundles at compile time.
GitHub action to generate a CycloneDX SBOM for Node.js
TuxCare SecureChain enhances Java supply chain security through vetted libraries, vulnerability fixes, and extended support. Ideal for enterprise-level compliance and secure development.
Creates CycloneDX Software Bill-of-Materials (SBOM) from Objective-C and Swift projects that use CocoaPods.
Creates CycloneDX Software Bill of Materials (SBOM) from Ruby projects
Lockheed Martin developed utility to compare two CycloneDX SBOMs
Repository for the SBOM Harbor.