GUAC aggregates software security metadata into a high fidelity graph database.
-
Updated
Jul 14, 2025 - Go
GUAC aggregates software security metadata into a high fidelity graph database.
The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.
A suite of utilities to help with software supply chain challenges on nix targets
Utility that provides an API platform for validating, querying and managing BOM data
The model for the information captured in SPDX version 3 standard.
Vulnerability management tool that provides Yocto SBOM generation and CVE Analysis of target images.
Software Quality Management Tool
Vulnerability management tool that provides Buildroot SBOM generation and CVE Analysis of target images.
Vulnerability management tool that provides OpenWRT SBOM generation and CVE Analysis of target images.
Detect Licenses, dependencies by scanning your project/repositories to discover the Open Source and Third party packages used in your code.
A library and CLI to work with CSAF and SBOM data
Use SBOM metadata to validate release integrity.
A lightweight Go library for validating Software Bill of Materials (SBOM) against industry-standard specifications
Copyright and License management solutions
📓 A python CLI tool to extract a software bill of materials and license info from a vcpkg manifest.
Command line tool and python package for interacting with Timesys Vigiles APIs
AI BOM example. A simple sentiment analysis application, published solely as an artifact for the purpose of demonstrating a software bill of materials. Not recommended for any serious text classification task.
Heimdall is a C++ toolchain for generating Software Bills of Materials (SBOMs) from compiled binaries, extracting debug information, symbols, and dependencies with plugin support for the LLVM and gold linker. Supports gcc and clang. A CMake module is provided for easy build integration and an SPDX/CycloneDX SBOM validator for BOM validation
Add a description, image, and links to the spdx-sbom topic page so that developers can more easily learn about it.
To associate your repository with the spdx-sbom topic, visit your repo's landing page and select "manage topics."