OSSVAL - Open Source Software Valuation

OSSNOTICES - Legal Notices Generator

Offline Package URL validator using a prebuilt FST of known packages.

OSSBOMER - SBOM Schema Validation for SPDX and CycloneDX

vulnq - Vulnerability Query Tool

Profile, templates, documentation and issue tracking for sbomify

Advanced SBOM visualization tool. Provides graphical information about the dependency stack of your application, list of vulnerabilities and overall application health. Supports multiple methods of data aggregation and filtering in a convenient, modern interface.

SBOM Tool running on a browser locally with WebAssembly

Offline Package URL validator using a prebuilt FST of known packages.

Malicious-PAckageFinder (m-paf) is a command-line tool that detects malicious and risky packages in your software supply chain using SBOM files.

OSSBOMER - SBOM Policy Analysis

Simple SBOM viewer and NTIA Minimum Elements checker.

Tracking and reporting for IT and related assets and configuration

Semantic Copycat BinarySniffer is a fast CLI and Python library that detects OSS in binaries using semantic signatures (APK/IPA, JARs, code). Exports CycloneDX SBOMs. 🐙

SBOMinify is a GitHub Action to capture and list installed packages and their versions in a Docker image, generating Software Bill of Materials (SBOM) files. This action leverages some special technics to scan Docker images and output SBOM files in both table and JSON formats.

A tool for converting CycloneDX Software Bill of Materials (SBOM) files into Cytoscape.js compatible graph format for visualization and analysis

This repo hosts a github action to run parlay( which is used to Enrich SBOMs with data from third party services ) in piplines

Update Python modules in a project's VENV dir, update requirements.txt and also update the Software Bill of material (SBOM)

This web application provides an interactive and user-friendly interface for viewing and exploring parsed SPDX and SBOM-tool JSON files. Built with Blazor WebAssembly, the app loads and displays the data in a structured, readable format, making it easy for users to analyze software components, licenses, and dependencies directly in their browser.

Repository related to the conference paper "SBOM Generation Tools in the Python Ecosystem: an In-Detail Analysis"