Workflow responsible for launching static code analysis, generating SBOM and scanning for vulnerabilities. Can be applied to projects that use Gradle and Kotlin.
Updated Oct 27, 2022
Scan artifacts with Amazon Inspector from GitHub Actions workflows.
Create a dependency graph of the components within an SBOM.
A tool to reverse engineer and inspect the RPM and APT databases to list all the packages along with executables, services and versions.
A Bitbucket Pipe containing a collection of open source tools to perform various types of additional analysis on a CycloneDX or SPDX SBOM (Software Bill of Materials).
@jQAssistant plugin to scan and analyze CycloneDX files (e.g. SBOM).