Scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
Updated Jul 22, 2025 - JavaScript
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to a Dependency Track server.
Security & License Compliance For Your App's Dependencies 🪱
Create CycloneDX Software Bill of Materials (SBOM) from Node.js NPM projects.
Examples and proof-of-concept for Software Bill of Materials (SBOM) code & data
Generate CycloneDX Software Bill of Materials (SBOM) from webpack bundles at compile time.
Create CycloneDX Software Bill of Materials (SBOM) from Node.js Yarn projects.
GitHub action to generate a CycloneDX SBOM for Node.js
GitHub action to generate a CycloneDX SBOM for Python
Service to scan licenses from source code
GitHub action to generate a CycloneDX SBOM for .NET
A GitHub Action that takes SPDX SBOMs and uploads them to GitHub's dependency submission API to power Dependabot alerts
A library and CLI to work with CSAF and SBOM data
The guidance for the Open Source Component Management process consists of a generic architecture description, usage blueprints, a concept of the abstraction layer and a collection of use cases. It enables you to quickly match your organization's needs with available solutions and jump-start your process definition by providing templates.
Automated Secrets, Misconfiguration, IaC Misconfiguration detection, and OSS by Check Point CloudGuard
node-dependency-track-upload
GitHub action to generate a CycloneDX SBOM for PHP Composer