spdx

There are 4 repositories under spdx topic.

• syft

  anchore / syft

  CLI tool and library for generating a Software Bill of Materials from container images and filesystems

  containerscyclonedxdockergogolanghacktoberfestocisbomspdxstatic-analysistool
  Language:Go 5437

• nexB / scancode-toolkit

  :mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

  licensecopyrightpackagesdependenciesspdxprovenancelicense-scancopyright-scanlicensingspdx-licensesopen-source-licensingoss-compliancelicense-checkingsoftware-composition-analysispurlpackage-urlsbomscacyclonedxdependency-graph
  Language:Python 1969
• ort

  oss-review-toolkit / ort

  A suite of tools to automate software compliance checks.

  license-scanpackage-scanpackage-managerdependenciesdependency-graphlicensecopyrightspdxcopyright-scancompliancelicense-checkingoss-compliancelicense-managementsbomsbom-generatoropen-source-licensingospocyclonedxscahacktoberfest
  Language:Kotlin 1473

• XmirrorSecurity / OpenSCA-cli

  OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

  scadevsecopssecuritysbomsoftware-bill-of-materialssoftware-composition-analysissoftware-supply-chainsoftware-supply-chain-securitystatic-analysisvulnerabilitieslicense-compliancecyclonedxspdxswid
  Language:Go 997

• tern-tools / tern

  Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

  compliancecontainersdependenciesdockermetadata-extractionopen-sourceoss-compliancepythonrisk-managementsbomsoftware-composition-analysisspdxsupply-chain-securitytool
  Language:Python 930

• fossology / fossology

  FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.

  fossologyspdxlicense-managementlicensecomplianceosslicense-checkinglicense-scancompliance-checkcompliance-automationspdx-licenses
  Language:PHP 749

• package-url / purl-spec

  A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby

  purlpackage-urlpackageurlcyclonedxdependenciespackage-managementsbomspdx
  609

• EmbarkStudios / cargo-about

  📜 Cargo plugin to generate list of all licenses for a crate 🦀

  cargocargo-pluginhacktoberfestlicense-checkinglicensingrustrust-langspdx
  Language:Rust 479

• spdx / license-list-data

  Various data formats for the SPDX License List including RDFa, HTML, Text, and JSON

  spdxrdfahtml-formatjsonlicenseslicensing
  Language:HTML 468
• bomber

  devops-kung-fu / bomber

  Scans Software Bill of Materials (SBOMs) for security vulnerabilities

  cyclonedxdevsecopsgolanggomoduleosssbomsecuritysecurity-automationsecurity-toolsspdxsupply-chainsupplychainsyftvulnerability-scanners
  Language:Go 449

• fsfe / reuse-tool

  reuse is a tool for compliance with the REUSE recommendations.

  pythoncopyrightlicensinglinterreuseanalyzerfsfespdxfree-softwaresbom
  Language:Python 342
• specification

  CycloneDX / specification

  OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX

  bill-of-materialsbomsoftwarespdxcpesoftware-securitylicensesoftware-bill-of-materialssbomcyclonedxswidowaspsupply-chainstandardspecificationsaasbomvexmbommachine-learningcbom
  Language:XSLT 324
• bom

  kubernetes-sigs / bom

  A utility to generate SPDX-compliant Bill of Materials manifests

  bomgogolangkubernetessbomspdx
  Language:Go 294

• chainloop-dev / chainloop

  Chainloop is an Open Source Metadata Vault for your Software Supply Chain metadata, SBOMs, VEX, SARIF files, QA reports, and more.

  compliancecyclonedxdevsecopssbomsbom-distributionsecurityspdxsupply-chain-securitymetadata-platformsbom-discoverylicenseopen-source-licensingospooss-complianceregulated-industryattestationin-totoslsaslsa-provenance
  Language:Go 292
• cyclonedx-maven-plugin

  CycloneDX / cyclonedx-maven-plugin

  Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

  bomspdxmavenmaven-pluginbill-of-materialssoftware-bill-of-materialspackage-urlpurlsbomcyclonedxowaspsbom-generatorobommbomsaasbomvex
  Language:Java 270

• spdx / spdx-spec

  The SPDX specification in MarkDown and HTML formats.

  spdxspecificationsoftware-package-data-exchangelicenseslinux-foundation
  Language:HTML 266
• cyclonedx-cli

  CycloneDX / cyclonedx-cli

  CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

  bombill-of-materialssoftware-bill-of-materialspurlpackage-urlsbomcyclonedxspdxowaspsbom-generatorobommbomsaasbomvexhacktoberfest
  Language:C# 249

• src-d / go-license-detector

  Reliable project licenses detector.

  spdx-licensespdx-licensesspdxlicense-scanlicense-management
  Language:Go 234
• cyclonedx-python

  CycloneDX / cyclonedx-python

  CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

  pythonpipbomsbomspdxbill-of-materialssoftware-bill-of-materialspackage-urlpurlcyclonedxowaspsbom-generatorpython3poetrycondarequirementsenvironmentsbom-tool
  Language:Python 203

• raftario / licensor

  write licenses to stdout

  spdxlicenselicensingcli
  Language:Rust 189

• spdx / tools-python

  A Python library to parse, validate and create SPDX documents.

  licensingparsingpythonrdfspdx
  Language:Python 159
• cyclonedx-dotnet

  CycloneDX / cyclonedx-dotnet

  Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

  bomspdxdotnetdotnet-corebill-of-materialssoftware-bill-of-materialspackage-urlpurlsbomcyclonedxowaspsbom-generatorhacktoberfestobommbomsaasbomvex
  Language:C# 158
• cyclonedx-gradle-plugin

  CycloneDX / cyclonedx-gradle-plugin

  Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects

  bomspdxgradlegradle-pluginbill-of-materialssoftware-bill-of-materialspackage-urlpurlsbomcyclonedxowaspsbom-generator
  Language:Java 136

• interlynk-io / sbomqs

  SBOM quality score - Quality metrics for your sboms

  golangcyclonedxspdxsbomsbom-examplessbom-toolgosbom-qualitysbom-scoresbom-samplesdevsecops-pipelinesecurity-toolssupply-chain-security
  Language:Go 130

• spdx / tools

  SPDX Tools

  spdxlicense-management
  Language:Java 120

• boyter / lc

  licensechecker (lc) a command line application which scans directories and identifies what software license things are under producing reports as either SPDX, CSV, JSON, XLSX or CLI Tabular output. Dual-licensed under MIT or the UNLICENSE.

  golanggolicensespdxcommand-line-toolcommandlineclilicensecheckerlicense-managementclassifieropen-source-licensing
  Language:Go 117

• nexB / scancode.io

  ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!

  scasoftware-composition-analysisopen-sourcelicensescancodedockervirtual-machinecyclonedxpackage-urlpurlspdxvulnerabilitiesfoss-compliance
  Language:Python 88

• sindresorhus / spdx-license-list

  List of SPDX licenses

  spdxspdx-licensesjavascriptjsonlistnodejs
  Language:JavaScript 88

• yohangz / packer-cli

  :boom: Full-fledged CLI tool to generate and package node modules compliant with Browser and NodeJS. Packer CLI support all modern style, unit test and script transpiler tools

  babelbuild-tooleslintgulphandlebarsistambuljasminejestjsdomlessmochanodejsreactjsrollupjssassspdxstylelintstylustslinttypescript
  Language:HTML 87
• cyclonedx-rust-cargo

  CycloneDX / cyclonedx-rust-cargo

  Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects

  bomspdxrustcargocargo-pluginbill-of-materialssoftware-bill-of-materialspackage-urlpurlsbomcyclonedxowaspsbom-generatorobommbomsaasbomvex
  Language:Rust 74
• cyclonedx-core-java

  CycloneDX / cyclonedx-core-java

  CycloneDX SBOM Model and Utils for Creating and Validating BOMs

  bomspdxbill-of-materialssoftware-bill-of-materialspackage-urlpurlsbomcyclonedxowaspobommbomsaasbomvex
  Language:Java 68

• hashicorp / copywrite

  Automate copyright headers and license files at scale

  compliancecopyrightlicensingossspdx
  Language:Go 64

• CycloneDX / sbom-utility

  Utility that provides an API platform for validating, querying and managing BOM data

  sbombomcyclonedxsbom-toolspdxspdx-sbomvexspdx-licensebill-of-materialshacktoberfestmbomobomowasppackage-urlpurlsaasbomsoftware-bill-of-materialsvdrsbom-quality
  Language:Go 61

• opensource-jp / licenses

  Japanese reference translations of the OSI approved open source licenses

  opensourcelicensejapanese-translationsjapanesespdxlicensesopensource-jp
  Language:HTML 56
• cyclonedx-python-lib

  CycloneDX / cyclonedx-python-lib

  Python implementation of OWASP CycloneDX

  pythonowaspbomspdxbill-of-materialssoftware-bill-of-materialspurlpackage-urlsbomcyclonedxpython-libraryobommbomsaasbomvexsoftware-libraryattestationcbom
  Language:Python 55

• opossum-tool / OpossumUI

  A light-weight app to audit and inventory large codebases for open source license compliance.

  codescancopyright-scanlicense-scanoss-compliancepackage-dependencyremediationsoftware-bill-of-materialssoftware-composition-analysisspdx
  Language:TypeScript 55