An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全,具备专业的软件成分分析(SCA)、漏洞检测、专业漏洞库。
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
Tool to achieve policy driven vetting of open source dependencies
OWASP Dependency Track API client for intergration into CI/CD pipeline
Creates CycloneDX Software Bill-of-Materials (SBOM) from Go projects. So you can use it with DependencyTrack to monitor security issues in 3rd party modules.
kubectl plugin scanning docker images for open source security and license compliance using Black Duck by Synopsys
Add a description, image, and links to the software-composition-analysis topic page so that developers can more easily learn about it.
To associate your repository with the software-composition-analysis topic, visit your repo's landing page and select "manage topics."