Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
-
Updated
Jun 28, 2024 - Java
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
HummerRisk 是云原生安全平台,包括混合云安全治理和云原生安全检测。
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
CycloneDX SBOM Model and Utils for Creating and Validating BOMs
Main repository for the official Dependency-Track Jenkins plugin
Lockheed Martin developed utility to generate CycloneDX SBOMs for Linux distributions
Java library which implements the Java object model for SPDX and provides useful helper functions
Lockheed Martin developed utility to compare two CycloneDX SBOMs
GitHub app for SBOM creation using cdxgen and upload to Dependency-Track
This repository contains a SonarQube Plugin that detects cryptographic assets in source code and generates CBOM.
Lockheed Martin developed utility to combine multiple CycloneDX SBOMs
Experimental web service for checking the software bill-of-materials ("SBOM") for projects against license violations.
SBOM-in-a-Box is a unified platform to promote the production, consumption, and utilization of Software Bills of Materials.
This repo contains the technology stack and its usage for software supply chain security of a Java application
Caching repository for bill-of-materials metadata
Lucy is a component analysis platform to minimize the risk of license infringements and to support and optimize the license compliance process.
Workshop about securing the supply chain for Java applications.
A simple expense tracker using Spring boot
Add a description, image, and links to the sbom topic page so that developers can more easily learn about it.
To associate your repository with the sbom topic, visit your repo's landing page and select "manage topics."