mainframe application portfolio analysis, antlr4 grammars and java for static analysis of cobol+cics+db2+sqlims+execdli, jcl

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962

Make production Rust binaries auditable

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

Inventory container image packages in .NET

🎁 wraps all package managers with a unifying CLI

A suite of tools to automate software compliance checks.

SBOM quality score - Quality metrics for your sboms

VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities

Create CycloneDX Software Bill of Materials (SBOM) from Node.js Yarn projects.

Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

The legal review and SBOM system used by SUSE and openSUSE

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX

Core functionality of OWASP CycloneDX for JavaScript (Node.js or WebBrowser) written in TypeScript.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs

A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.

Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks or check conformance to frameworks, such as SLSA.