IBM / cbomkit-theia
A tool for detecting cryptographic assets in container images and directories, and generating CBOMs.
☆14 Updated this week
Alternatives and similar repositories for cbomkit-theia:
Users that are interested in cbomkit-theia are comparing it to the libraries listed below
- A toolset for dealing with Cryptography Bill of Materials (CBOM) ☆27 Updated last week
- This repository contains a SonarQube Plugin that detects cryptographic assets in source code and generates CBOM. ☆30 Updated this week
- A standard API specification for exchanging supply chain artifacts and intelligence ☆74 Updated 2 weeks ago
- in-toto is a framework to secure the software supply chain. ☆70 Updated 2 months ago
- Tools and utilities needed to parse GitHub Multi-Repository Variant Analysis output ☆18 Updated 5 months ago
- Format agnostic SBOM tooling ☆102 Updated this week
- Compare data from multiple vulnerability scanners to get a more complete picture of potential exposures. ☆62 Updated last year
- sbomify is an SBOM management platform. ☆24 Updated 3 weeks ago
- ☆61 Updated 8 months ago
- Visualizer for GUAC ☆28 Updated 2 weeks ago
- A specification for signing methods and formats used by Secure Systems Lab projects. ☆72 Updated 6 months ago
- Cryptography Bill of Materials ☆65 Updated last month
- Network Cryptography Monitor - using eBPF, written in python ☆28 Updated last week
- Generative and mutative fuzzer for Kubernetes admission controller chains by automatically parsing the cluster api specification. ☆73 Updated last year
- Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security ☆70 Updated 5 months ago
- A place to systematically store software bill of materials (SBOM) documents. ☆44 Updated last year
- Sharing software supply chain security open source projects ☆46 Updated 2 years ago
- Tool for collecting vulnerability data from various sources (used to build the grype database) ☆89 Updated this week
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so… ☆80 Updated last week
- Takes a software bill of materials and outputs provenance, and activity data from trustypkg.dev ☆11 Updated 5 months ago
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks ☆31 Updated last year
- Repository for on-going work as part of the AIBOM Tiger Team effort. ☆19 Updated 6 months ago
- ☆69 Updated 2 months ago
- ☆16 Updated 8 months ago
- SPDX Merge tool ☆41 Updated 3 weeks ago
- vexctl is a tool to attest VEX impact statements ☆44 Updated 2 years ago
- Go implementation of witness ☆33 Updated this week
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility ☆60 Updated last year
- Go module to generate and transform VEX documents ☆39 Updated last week
- Library to ingest and generate VEX documents ☆13 Updated 2 months ago