Use SBOM metadata to validate release integrity.
Updated Aug 12, 2023 - Python
Detect licenses and dependencies by scanning your projects/repositories to discover the open source and third-party packages used in your code.
📓 A Python CLI tool to extract a software bill of materials and license info from a vcpkg manifest.
Copyright and License management solutions
AI BOM example. A simple sentiment analysis application, published solely as an artifact for the purpose of demonstrating a software bill of materials. Not recommended for any serious text classification task.
Utility that provides an API platform for validating, querying and managing BOM data
Heimdall is a C++ toolchain for generating Software Bills of Materials (SBOMs) from compiled binaries, extracting debug information, symbols, and dependencies with plugin support for the LLVM and gold linker. Supports gcc and clang. A CMake module is provided for easy build integration and an SPDX/CycloneDX SBOM validator for BOM validation
Command-line tool and Python package for interacting with Timesys Vigiles APIs
A lightweight Go library for validating Software Bill of Materials (SBOM) against industry-standard specifications
Python demo of generating an SPDX SBOM of RPM Packages
A suite of utilities to help with software supply chain challenges on nix targets
OSPAC - Open Source Policy as Code
Vulnerability management tool that provides Buildroot SBOM generation and CVE Analysis of target images.
Software Quality Management Tool
A library and CLI to work with CSAF and SBOM data
Vulnerability management tool that provides OpenWRT SBOM generation and CVE Analysis of target images.