CLI tool and library for generating a Software Bill of Materials from container images and filesystems
-
Updated
Oct 20, 2025 - Go
#
spdx
Here are 225 public repositories matching this topic...
🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!
licensing packages open-source-licensing dependency-graph provenance dependencies license spdx copyright sca spdx-licenses license-checking license-scan copyright-scan software-composition-analysis oss-compliance purl package-url sbom cyclonedx
-
Updated
Oct 17, 2025 - Python
A suite of tools to automate software compliance checks.
package-manager open-source-licensing dependency-graph compliance dependencies license spdx copyright hacktoberfest license-management sca dora cra ospo oss-compliance sbom cyclonedx sbom-generator
-
Updated
Oct 21, 2025 - Kotlin
GUAC aggregates software security metadata into a high fidelity graph database.
security graph supply-chain vulnerability vex spdx vulnerability-management software-supply-chain supply-chain-analytics sbom attestations in-toto cyclonedx slsa supply-chain-security supply-chain-visibility software-supply-chain-security spdx-sbom cyclonedx-sbom
-
Updated
Oct 20, 2025 - Go
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
security static-analysis vulnerabilities spdx software-supply-chain sca swid devsecops software-composition-analysis software-bill-of-materials license-compliance sbom cyclonedx software-supply-chain-security
-
Updated
Oct 11, 2025 - Go
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
python docker open-source tool containers compliance dependencies spdx metadata-extraction risk-management software-composition-analysis oss-compliance sbom supply-chain-security
-
Updated
Mar 12, 2024 - Python
FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.
oss compliance license spdx license-management fossology spdx-licenses license-checking license-scan compliance-check compliance-automation
-
Updated
Oct 16, 2025 - HTML
A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
-
Updated
Oct 20, 2025 - Python
📜 Cargo plugin to generate list of all licenses for a crate 🦀
-
Updated
Sep 19, 2025 - Rust
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
golang security oss supply-chain spdx vulnerability-scanners security-automation security-tools devsecops supplychain syft sbom gomodule cyclonedx epss
-
Updated
Mar 31, 2025 - Go
🎁 wraps all package managers with a unifying CLI
windows macos linux homebrew ruby-gem npm package-manager steam yarn snap apt pip spdx flatpak php-composer mac-app-store package-url sbom cyclonedx xbar
-
Updated
Oct 13, 2025 - Python
Evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
security open-source-licensing compliance license spdx attestation devsecops ospo oss-compliance sbom in-toto cyclonedx slsa supply-chain-security sbom-distribution slsa-provenance metadata-platform sbom-discovery regulated-industry
-
Updated
Oct 21, 2025 - Go
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
machine-learning supply-chain owasp specification standard bom software vex license spdx cpe swid bill-of-materials software-bill-of-materials sbom cyclonedx mbom saasbom tc54 cbom
-
Updated
Oct 20, 2025 - XSLT
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
owasp bom vex spdx hacktoberfest bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx sbom-generator obom mbom saasbom
-
Updated
Oct 14, 2025 - C#
The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.
specification spdx licenses bill-of-materials linux-foundation software-bill-of-materials software-package-data-exchange sbom spdx-sbom software-transparency
-
Updated
Oct 17, 2025 - Python
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
maven owasp maven-plugin bom vex spdx bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx sbom-generator obom mbom saasbom
-
Updated
Sep 25, 2025 - Java
CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments
python environment poetry conda owasp python3 pip bom spdx hacktoberfest requirements bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx sbom-generator sbom-tool
-
Updated
Oct 16, 2025 - Python
Improve this page
Add a description, image, and links to the spdx topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the spdx topic, visit your repo's landing page and select "manage topics."