CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Updated Sep 14, 2024 - Go
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance, with accuracy widely recognized by the community.
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
Reliable project licenses detector.
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
SBOM quality score - Quality metrics for your SBOMs
licensechecker (lc) is a command line application which scans directories and identifies what software license things are under, producing reports as either SPDX, CSV, JSON, XLSX or CLI tabular output. Dual-licensed under MIT or the UNLICENSE.
Utility that provides an API platform for validating, querying and managing BOM data
Automate copyright headers and license files at scale
Tool to inspect and push an SPDX document as an OCI artifact
SBOM Grep - search through SBOMs