OSSVAL - Open Source Software Valuation

Offline Package URL validator using a prebuilt FST of known packages.

OSSNOTICES - Legal Notices Generator

OSSBOMER - SBOM Schema Validation for SPDX and CycloneDX

vulnq - Vulnerability Query Tool

Profile, templates, documentation and issue tracking for sbomify

Malicious-PAckageFinder (m-paf) is a command-line tool that detects malicious and risky packages in your software supply chain using SBOM files.

OSSBOMER - SBOM Policy Analysis

SBOM Tool running on a browser locally with WebAssembly

Offline Package URL validator using a prebuilt FST of known packages.

Advanced SBOM visualization tool. Provides graphical information about the dependency stack of your application, list of vulnerabilities and overall application health. Supports multiple methods of data aggregation and filtering in a convenient, modern interface.

Tracking and reporting for IT and related assets and configuration

Semantic Copycat BinarySniffer is a fast CLI and Python library that detects OSS in binaries using semantic signatures (APK/IPA, JARs, code). Exports CycloneDX SBOMs. 🐙

Simple SBOM viewer and NTIA Minimum Elements checker.

A tool for converting CycloneDX Software Bill of Materials (SBOM) files into Cytoscape.js compatible graph format for visualization and analysis

SBOMinify is a GitHub Action to capture and list installed packages and their versions in a Docker image, generating Software Bill of Materials (SBOM) files. This action leverages some special technics to scan Docker images and output SBOM files in both table and JSON formats.

This repo hosts a github action to run parlay( which is used to Enrich SBOMs with data from third party services ) in piplines

Update Python modules in a project's VENV dir, update requirements.txt and also update the Software Bill of material (SBOM)

This web application provides an interactive and user-friendly interface for viewing and exploring parsed SPDX and SBOM-tool JSON files. Built with Blazor WebAssembly, the app loads and displays the data in a structured, readable format, making it easy for users to analyze software components, licenses, and dependencies directly in their browser.