#

spdx

Here are 154 public repositories matching this topic...

syft

anchore / syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

go docker golang tool containers static-analysis oci spdx hacktoberfest sbom cyclonedx

Updated Oct 4, 2023
Go

nexB / scancode-toolkit

🔎 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

Updated Oct 3, 2023
Python

ort

oss-review-toolkit / ort

A suite of tools to automate software compliance checks.

Updated Oct 4, 2023
Kotlin

tern-tools / tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

python docker open-source tool containers compliance dependencies spdx metadata-extraction risk-management software-composition-analysis oss-compliance sbom supply-chain-security

Updated Aug 29, 2023
Python

fossology / fossology

FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.

oss compliance license spdx license-management fossology spdx-licenses license-checking license-scan compliance-check compliance-automation

Updated Oct 4, 2023
HTML

package-url / purl-spec

A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby

url package dependencies spdx package-management purl package-url sbom cyclonedx

Updated Oct 2, 2023

spdx / license-list-data

Various data formats for the SPDX License List including RDFa, HTML, Text, and JSON

licensing json rdfa html-format spdx licenses

Updated Oct 4, 2023
HTML

bomber

devops-kung-fu / bomber

Scans Software Bill of Materials (SBOMs) for security vulnerabilities

golang security oss supply-chain spdx vulnerability-scanners security-automation security-tools devsecops supplychain syft sbom gomodule cyclonedx

Updated Aug 10, 2023
Go

EmbarkStudios / cargo-about

📜 Cargo plugin to generate list of all licenses for a crate 🦀

rust licensing rust-lang cargo spdx hacktoberfest license-checking cargo-plugin

Updated Sep 2, 2023
Rust

fsfe / reuse-tool

reuse is a tool for compliance with the REUSE recommendations.

python licensing linter free-software analyzer reuse spdx copyright sbom fsfe

Updated Oct 4, 2023
Python

specification

CycloneDX / specification

CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, ML-BOM, OBOM, MBOM, VDR, and VEX

Updated Oct 4, 2023
XSLT

bom

kubernetes-sigs / bom

A utility to generate SPDX-compliant Bill of Materials manifests

go kubernetes golang bom spdx sbom

Updated Oct 2, 2023
Go

spdx / spdx-spec

The SPDX specification in MarkDown and HTML formats.

specification spdx licenses linux-foundation software-package-data-exchange

Updated Aug 22, 2023
HTML

cyclonedx-maven-plugin

CycloneDX / cyclonedx-maven-plugin

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

maven owasp maven-plugin bom vex spdx bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx sbom-generator obom mbom saasbom

Updated Sep 25, 2023
Java

src-d / go-license-detector

Reliable project licenses detector.

spdx spdx-license license-management spdx-licenses license-scan

Updated Jun 9, 2023
Go

chainloop-dev / chainloop

Chainloop is an open source software supply chain control plane, a single source of truth for artifacts plus a declarative attestation crafting process.

security open-source-licensing compliance license spdx attestation devsecops ospo oss-compliance sbom in-toto cyclonedx slsa supply-chain-security sbom-distribution slsa-provenance metadata-platform sbom-discovery regulated-industry

Updated Sep 28, 2023
Go

cyclonedx-cli

CycloneDX / cyclonedx-cli

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

owasp bom vex spdx hacktoberfest bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx sbom-generator obom mbom saasbom

Updated Sep 20, 2023
C#

raftario / licensor

write licenses to stdout

cli licensing license spdx

Updated Jan 30, 2023
Rust

cyclonedx-python

CycloneDX / cyclonedx-python

Creates CycloneDX Software Bill of Materials (SBOM) from Python projects and environments.

python environment poetry conda owasp python3 pip bom spdx requirements bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx sbom-generator sbom-tool

Updated Oct 4, 2023
Python

spdx / tools-python

A Python library to parse, validate and create SPDX documents.

python licensing parsing rdf spdx

Updated Sep 28, 2023
Python

Improve this page

Add a description, image, and links to the spdx topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the spdx topic, visit your repo's landing page and select "manage topics."