GUAC aggregates software security metadata into a high fidelity graph database.

A vulnerability scanner for container images and filesystems

Context-Aware Vulnerability Risk Scoring

Automate vulnerability triage which prioritizes remediation over discovery

A tool to create, transform and attest VEX metadata

A lightweight Go library for validating Software Bill of Materials (SBOM) against industry-standard specifications

GitHub Action for SecureSBOM

Suppress vulnerabilities applying Kubernetes context to scans

Creates CycloneDX Software Bill of Materials (SBOM) from Go modules

日本市場向けオープンソースSBOM管理ダッシュボード / Open-source SBOM management dashboard with NVD/JVN vulnerability correlation, Japanese UI, and METI guidelines compliance

silence negligible CVE alerts using LLM

Go library to consume and produce CycloneDX Software Bill of Materials (SBOM)

Utility that provides an API platform for validating, querying and managing BOM data

vexctl is a tool to attest VEX impact statements

the basic 2D game physics and vex code made by go with ebiten game lib