SBOMinify is a GitHub Action to capture and list installed packages and their versions in a Docker image, generating Software Bill of Materials (SBOM) files. This action leverages some special technics to scan Docker images and output SBOM files in both table and JSON formats.

Bitbucket pipe to generate a CycloneDX sBOM for Java, Go, Python & Node projects

This repo hosts a github action to run parlay( which is used to Enrich SBOMs with data from third party services ) in piplines

Comment SBOM diffs as PR comments.

Dockerfile and scripts to build a container image that facilitates generating and uploading Software Bill of Materials (SBOM) to sbom.sh utilizing various open-source SBOM tools such as Trivy, Grype, and Syft.

Bitbucket pipe to generate a CycloneDX sBOM for node/npm projects

Microsoft开源sbom-tool工具生成GitHub的Java前100名项目的SBOM

Deploy Anchore Enterprise in an environment of your choice. Then follow through a series of labs that showcase how you can improve security across your software supply chain.