Yocto layer to integrate VulnScout in projects (SBOM Vulnerability Scanning & Assessment tool)

Vulnerability management tool that provides Yocto SBOM generation and CVE Analysis of target images.

The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.

The model for the information captured in SPDX version 3 standard.

GUAC aggregates software security metadata into a high fidelity graph database.

Vulnerability management tool that provides OpenWRT SBOM generation and CVE Analysis of target images.

A library and CLI to work with CSAF and SBOM data

Software Quality Management Tool

Vulnerability management tool that provides Buildroot SBOM generation and CVE Analysis of target images.

OSPAC - Open Source Policy as Code

A suite of utilities to help with software supply chain challenges on nix targets

Generate your SBOM with CMake.

Python demo of generating an SPDX SBOM of RPM Packages

A lightweight Go library for validating Software Bill of Materials (SBOM) against industry-standard specifications

A simple library and CLI tool to create an aggregated notice for one or more SBOMs (SPDX or CycloneDX).

Two tools, sbomlicense and sbomlicensed, that enrich SBOM files with license information.

Command line tool and python package for interacting with Timesys Vigiles APIs

Heimdall is a C++ toolchain for generating Software Bills of Materials (SBOMs) from compiled binaries, extracting debug information, symbols, and dependencies with plugin support for the LLVM and gold linker. Supports gcc and clang. A CMake module is provided for easy build integration and an SPDX/CycloneDX SBOM validator for BOM validation

Utility that provides an API platform for validating, querying and managing BOM data

AI BOM example. A simple sentiment analysis application, published solely as an artifact for the purpose of demonstrating a software bill of materials. Not recommended for any serious text classification task.