GitHub Action to analyze Pull Requests for open-source supply chain issues
Updated Jan 27, 2022 - Python
ThunderaBSA is a Binary Static Analysis tool
Python library for querying OSS Index
Golang SCA (Software Composition Analysis): analyzes your go.mod file to help you discover whether your Golang project's dependencies contain vulnerabilities
CLI Security Tool for SAST & SCA
AWS native Static Application Security Testing (SAST) utility to find and eradicate vulnerable software packages stored in AWS CodeArtifact. Built for both real-time distributed and centralized deployments.
MiDas: Multi-granularity Detector for Vulnerability Fixes (IEEE TSE)
Seamlessly integrate Veracode Agent-Based SCA scans with Azure DevOps build or release pipelines.
Modular framework for SBOM generation that gathers file information and analyzes dependencies
The SCANOSS python package providing a simple, easy to consume library for interacting with SCANOSS APIs/Engine.
🔐 Shim to easily install OWASP dependency-check-cli into Python projects
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, Google Summer of Code, nexB and other generous sponsors!
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!