Skip to content


  • Arctic Code Vault Contributor
  • Pro


@jenkinsci @maintainers @CycloneDX @package-url @DependencyTrack


  1. Dependency-Track is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.

    Java 561 182

  2. Software Bill-of-Material (SBOM) specification designed for use in application security contexts and supply chain component analysis

    XSLT 31 9

  3. A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at

    126 32

  4. Software Component Verification Standard (SCVS)

    Python 47 7

  5. A utility for validating and parsing Common Platform Enumeration (CPE) v2.2 and v2.3 as originally defined by MITRE and maintained by NIST

    Java 14 7

  6. A Java library for calculating CVSSv2 and CVSSv3 scores and vectors

    Java 15 10

2,065 contributions in the last year

Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun Jul Mon Wed Fri

Contribution activity

August 2020

Created an issue in CycloneDX/specification that received 4 comments

Add audit schema extension

The ability to optionally supplement the BOM with results of human analysis and opinion is required for moderate to high assurance use cases. Examp…


Seeing something unexpected? Take a look at the GitHub profile guide.

You can’t perform that action at this time.