CLI tool and library for generating a Software Bill of Materials from container images and filesystems
-
Updated
Apr 10, 2025 - Go
#
spdx
Here are 26 public repositories matching this topic...
GUAC aggregates software security metadata into a high fidelity graph database.
security graph supply-chain vulnerability vex spdx vulnerability-management software-supply-chain supply-chain-analytics sbom attestations in-toto cyclonedx slsa supply-chain-security supply-chain-visibility software-supply-chain-security spdx-sbom cyclonedx-sbom
-
Updated
Apr 10, 2025 - Go
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
security static-analysis vulnerabilities spdx software-supply-chain sca swid devsecops software-composition-analysis software-bill-of-materials license-compliance sbom cyclonedx software-supply-chain-security
-
Updated
Mar 28, 2025 - Go
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
golang security oss supply-chain spdx vulnerability-scanners security-automation security-tools devsecops supplychain syft sbom gomodule cyclonedx epss
-
Updated
Mar 31, 2025 - Go
Evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
security open-source-licensing compliance license spdx attestation devsecops ospo oss-compliance sbom in-toto cyclonedx slsa supply-chain-security sbom-distribution slsa-provenance metadata-platform sbom-discovery regulated-industry
-
Updated
Apr 10, 2025 - Go
Reliable project licenses detector.
-
Updated
Jun 9, 2023 - Go
SBOM quality score - Quality metrics for your sboms
go golang spdx security-tools sbom cyclonedx devsecops-pipeline supply-chain-security sbom-examples sbom-tool sbom-quality sbom-score sbom-samples
-
Updated
Apr 11, 2025 - Go
licensechecker (lc) a command line application which scans directories and identifies what software license things are under producing reports as either SPDX, CSV, JSON, XLSX or CLI Tabular output. Dual-licensed under MIT or the UNLICENSE.
go cli golang commandline classifier open-source-licensing command-line-tool license spdx license-management licensechecker
-
Updated
Jun 19, 2024 - Go
Utility that provides an API platform for validating, querying and managing BOM data
owasp bom vex vdr spdx spdx-license hacktoberfest bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx obom mbom saasbom spdx-sbom sbom-tool sbom-quality
-
Updated
Nov 19, 2024 - Go
Format agnostic SBOM tooling
-
Updated
Apr 7, 2025 - Go
Automate copyright headers and license files at scale
-
Updated
Mar 19, 2025 - Go
SBOM Grep - search through SBOMs
-
Updated
Feb 14, 2025 - Go
Tool to inspect and push and SPDX document as an OCI artifact
-
Updated
Jul 14, 2023 - Go
A simple Golang library that contains license information from SPDX.
-
Updated
Oct 31, 2024 - Go
Improve this page
Add a description, image, and links to the spdx topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the spdx topic, visit your repo's landing page and select "manage topics."