A vulnerability scanner for container images and filesystems
Updated Jun 12, 2026 - Go
GUAC aggregates software security metadata into a high fidelity graph database.
A tool to create, transform and attest VEX metadata
Creates CycloneDX Software Bill of Materials (SBOM) from Go modules
Utility that provides an API platform for validating, querying and managing BOM data
vexctl is a tool to attest VEX impact statements
Suppress vulnerabilities applying Kubernetes context to scans
Open-source SBOM management dashboard for the Japanese market, with NVD/JVN vulnerability correlation, Japanese UI, and METI guidelines compliance
A lightweight Go library for validating Software Bill of Materials (SBOM) against industry-standard specifications
Prioritize vulnerabilities by real risk, not just CVSS
GitHub Action for SecureSBOM
Structured, portable, machine-readable security context for code repositories. SARIF standardized scanner output; this spec standardizes scanner input.
VEX document crawler and aggregator
Self-hosted VEX-first release evidence ledger for customer CVE, SBOM, provenance, and release-review questions.
Open-source CRA/NIS2 compliance reporting server — SBOM management, vulnerability scanning (VulnzMatcher), VEX lifecycle, CSAF advisory generation, audit trail, and ENISA submission. AGPL-3.0 licensed.