A vulnerability scanner for container images and filesystems
GUAC aggregates software security metadata into a high fidelity graph database.
A tool to create, transform and attest VEX metadata
Creates CycloneDX Software Bill of Materials (SBOM) from Go modules
Utility that provides an API platform for validating, querying and managing BOM data
vexctl is a tool to attest VEX impact statements
Suppress vulnerabilities applying Kubernetes context to scans
A lightweight Go library for validating Software Bill of Materials (SBOM) against industry-standard specifications
日本市場向けオープンソースSBOM管理ダッシュボード / Open-source SBOM management dashboard with NVD/JVN vulnerability correlation, Japanese UI, and METI guidelines compliance
Prioritize vulnerabilities by real risk, not just CVSS
GitHub Action for SecureSBOM
Add a description, image, and links to the vex topic page so that developers can more easily learn about it.
To associate your repository with the vex topic, visit your repo's landing page and select "manage topics."