Creates CycloneDX Software Bill-of-Materials (SBOM) from Go projects, so you can use it with DependencyTrack to monitor security issues in 3rd party modules.
Updated Feb 26, 2020 - Go
A demonstration of how GoReleaser can help make the software supply chain more secure by using a set of tools such as cosign, syft, grype, and slsa-provenance
fatbom (Fat Bill Of Materials) is a tool which combines the SBOMs generated by various tools into one fat SBOM, thus leveraging each tool's strengths.
An example project that demonstrates how to automate a release with SBOM generation using Syft
vexctl is a tool to attest VEX impact statements
Tool to inspect and push an SPDX document as an OCI artifact
Automates creation of Software Bill of Materials (SBOM) with Binary Authorization attestation for container images in Artifact Registry.
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
A Bitbucket Pipe containing a collection of open source tools to perform various types of additional analysis on a CycloneDX or SPDX sBOM (Software Bill of Materials).
Tool for SBOM (Software Bill Of Materials) collection from filesystems & GitHub repositories.
CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
build-observer is a tool to observe the build process of a project and create a log of all files that are read, written or executed during the build.
Find & pull public SBOMs