CycloneDX / cyclonedx-node-yarn
Create CycloneDX Software Bill of Materials (SBOM) from Node.js Yarn projects.
☆22 Updated this week
Alternatives and similar repositories for cyclonedx-node-yarn:
Users that are interested in cyclonedx-node-yarn are comparing it to the libraries listed below
- Core functionality of OWASP CycloneDX for JavaScript (Node.js or WebBrowser) written in TypeScript. ☆16 Updated this week
- Create CycloneDX Software Bill of Materials (SBOM) from Node.js NPM projects. ☆84 Updated last week
- Utility that provides an API and CLI to identify licenses and legal terms ☆43 Updated 10 months ago
- creates CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects ☆127 Updated 2 months ago
- Convert between JSON Schema specification versions ☆82 Updated 2 months ago
- Generate CycloneDX Software Bill of Materials (SBOM) from webpack bundles at compile time. ☆26 Updated this week
- Report on quality of SBOM contents ☆17 Updated 3 months ago
- Pin your GitHub actions to a specific hash ☆105 Updated 3 weeks ago
- JavaScript code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oas… ☆27 Updated 10 months ago
- Enrich SBOMs with data from third party services ☆165 Updated 2 weeks ago
- [GitHub] A Command Line ToolKit for GitHub Security Alert. ☆27 Updated 4 months ago
- Official GitHub Action for OpenSSF Scorecard. ☆293 Updated this week
- Orchestrate GitHub Actions Security ☆282 Updated this week
- Generate a score for your sbom to understand if it will actually be useful. ☆228 Updated 8 months ago
- Purpose-built security agent for hosted runners ☆34 Updated this week
- GitHub action to generate a CycloneDX SBOM for Node.js ☆21 Updated 3 months ago
- A tool for bundling JSON Schema documents ☆14 Updated last year
- JS/TS library to easily build valid SARIF output from your javascript based SAST tools ☆12 Updated this week
- Keeping track of Spectral Rulesets in the wild, helping you build better, more consistent APIs, via OpenAPI, AsyncAPI, JSON Schema, etc. ☆62 Updated 2 months ago
- A Github Action to ensure that actions are pinned to full length commit SHAs ☆43 Updated last week
- SPDX Merge tool ☆43 Updated last month
- A simple measure of software dependency freshness. ☆100 Updated this week
- Incubating project for decoupling responsibilities from Dependency-Track's monolithic API server into separate, scalable services. ☆70 Updated last week
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts ☆34 Updated 2 months ago
- A BOM repository server for distributing CycloneDX BOMs ☆77 Updated last year
- Utility that provides an API platform for validating, querying and managing BOM data ☆106 Updated this week
- A library to create a local github environment and easily mock github APIs using an octokit like interface ☆63 Updated 3 weeks ago
- Throw a tag at it and it comes back with a checksum. ☆117 Updated this week
- A light-weight app to audit and inventory large codebases for open source license compliance. ☆64 Updated this week
- JavaScript implementation of the package url spec ☆28 Updated last month