Workflow responsible for launching static code analysis, generating SBOM and scanning for vulnerabilities. Can be applied to projects that use Gradle and Kotlin.
Updated Oct 27, 2022
SBOM Tool running on a browser locally with WebAssembly
Libraries developed by Integrated Computer Solutions (ICS) for handling Software Bill of Materials (SBoM) documentation.
Create a dependency graph of the components within an SBOM
This repo is for testing various SBOM and license scanning tools
Public Tracking Repository for DEPs (DBoM Enhancement Proposals)
A demonstration of how GoReleaser can help make the software supply chain more secure by using a bunch of tools such as cosign, syft, grype and slsa-provenance
Bitbucket pipe to generate a CycloneDX sBOM for Java, Go, Python & Node projects
Code for the SBOM talk at SBA Security Meetup (26.11.2024)
The Clearing Automation Tool scans and collects the 3rd party OSS components used in an NPM/NuGet/Debian project and uploads them to SW360 and Fossology
This repo accumulates underlying data and analysis results for assessing the current landscape of open-source and proprietary tools related to Software Bill of Materials (SBOM). We additionally compiled our findings into a comprehensive spreadsheet detailing 86 tools and their use cases.
A repository for testing various SBOM tools and benchmarking them against each other.
Retrieve all requested SBOMs from the GitHub repositories.
Ansible role for 'syft'. Available on Ansible Galaxy.
Generates a Software Bill of Materials as part of a Bitbucket Pipeline for various project types