CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Updated Aug 6, 2024 - Go
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance, with accuracy widely noted by the community.
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
Catalogue all images of a Kubernetes cluster to multiple targets with Syft
SBOM quality score - Quality metrics for your SBOMs
Creates CycloneDX Software Bill of Materials (SBOM) from Go modules
VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities
Utility that provides an API platform for validating, querying and managing BOM data
Scans SBOMs for vulnerabilities with Grype
Search an SBOM for licenses and the packages they belong to
Example goreleaser + GitHub Actions config with keyless signing and SBOM generation
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.