Pinned Loading

1. DependencyTrack/dependency-track Public

   Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

   Java 896 268

2. CycloneDX/specification Public

   Software Bill of Material (SBOM) standard designed for use in application security contexts and supply chain component analysis

   XSLT 94 20

3. package-url/purl-spec Public

   A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby

   201 62

4. OWASP/Software-Component-Verification-Standard Public

   Software Component Verification Standard (SCVS)

   Python 68 13

5. CPE-Parser Public

   A utility for validating and parsing Common Platform Enumeration (CPE) v2.2 and v2.3 as originally defined by MITRE and maintained by NIST

   Java 24 13

6. cvss-calculator Public

   A Java library for calculating CVSSv2 and CVSSv3 scores and vectors

   Java 23 17