IBM/sbom-utility

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/IBM/sbom-utility)

IBM / sbom-utility

This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility

☆60

Alternatives and similar repositories for sbom-utility

Users that are interested in sbom-utility are comparing it to the libraries listed below

Sorting:

nyph-infosec / daggerboard
View on GitHub
☆102Sep 27, 2024Updated last year
dekkagaijin / spiffe-sigstore-tutorial
View on GitHub
☆11Nov 11, 2022Updated 3 years ago
tacosframework / TACOS-spec
View on GitHub
TACOS framework structural details
☆20May 12, 2025Updated 10 months ago
CycloneDX / transparency-exchange-api
View on GitHub
A standard API specification for exchanging supply chain artifacts and intelligence
☆103Mar 13, 2026Updated last week
philips-software / SPDXMerge
View on GitHub
SPDX Merge tool
☆51Mar 2, 2026Updated 2 weeks ago
chainguard-dev / vex
View on GitHub
vexctl is a tool to attest VEX impact statements
☆45Mar 27, 2023Updated 2 years ago
armijnhemel / compliance-scripts
View on GitHub
A collection of scripts for license compliance scanning, mostly experimental
☆21Jun 16, 2025Updated 9 months ago
omnibor / bomsh
View on GitHub
Collection of tools for producing and exploring OmniBOR data.
☆22Oct 31, 2024Updated last year
iriusrisk / OpenThreatModel
View on GitHub
The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.
☆181Dec 11, 2025Updated 3 months ago
hakbot / hakbot-origin-controller
View on GitHub
Vendor-Neutral Security Tool Automation Controller (over REST)
☆28Jun 28, 2019Updated 6 years ago
Permiso-io-tools / cloudtail
View on GitHub
☆30Jan 13, 2026Updated 2 months ago
eBay / sbom-scorecard
View on GitHub
Generate a score for your sbom to understand if it will actually be useful.
☆239Aug 13, 2024Updated last year
vmware-samples / sbom-composer
View on GitHub
A tool that takes two or more micro SBOMs and composes them into one distributable SBOM
☆23Mar 23, 2023Updated 3 years ago
IBM / gauge
View on GitHub
Measure release insights and recommendations for open-source dependencies. Note: this project is archived.
☆10Jan 3, 2023Updated 3 years ago
kissbom / kissbom-spec
View on GitHub
The Keep It Simple Software Bill of Material
☆11Jan 31, 2022Updated 4 years ago
sbs2001 / purl2cpe
View on GitHub
This is a mapping of CPEs to package urls created by using VulnerableCode's data
☆10Aug 14, 2020Updated 5 years ago
Hitachi / open-license
View on GitHub
OSS License Open Data
☆12Jun 28, 2019Updated 6 years ago
wolfi-dev / community
View on GitHub
Documents and tools powering the Wolfi OS community
☆24Sep 26, 2025Updated 5 months ago
appvia / cosign-keyless-admission-webhook
View on GitHub
Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect
☆24Feb 19, 2026Updated last month
org-metaeffekt / metaeffekt-universe
View on GitHub
Project providing insights on the metaeffekt license database.
☆12Feb 24, 2026Updated 3 weeks ago
quic / lid
View on GitHub
License Identifier
☆14Mar 25, 2021Updated 4 years ago
ckotzbauer / sbom-operator
View on GitHub
Catalogue all images of a Kubernetes cluster to multiple targets with Syft
☆223Mar 15, 2026Updated last week
eclipse-jbom / jbom
View on GitHub
☆122Apr 15, 2025Updated 11 months ago
philips-software / license-scanner
View on GitHub
Service to scan licenses from source code
☆12Aug 14, 2023Updated 2 years ago
chris-short / chkcerts
View on GitHub
A Go program to display certificate chains simply and quickly with an easy to remember syntax
☆28Oct 28, 2024Updated last year
liberapay / git-lfs-fetch.py
View on GitHub
Lightweight Git Large File Storage fetcher written in python
☆34Apr 7, 2023Updated 2 years ago
hyperledger-labs / SParts
View on GitHub
The Software Parts (SParts) lab delivers a Sawtooth-based ledger that provides both accountability and access to the open source componen…
☆12Feb 20, 2020Updated 6 years ago
devops-kung-fu / hookz
View on GitHub
Manages client side git hooks resulting in the ability to create git action pipelines.
☆78Jul 5, 2024Updated last year
vinland-technology / flict
View on GitHub
free and open source software license compatibility tool.
☆51Apr 9, 2025Updated 11 months ago
hasheddan / veneer
View on GitHub
A library for representing OCI image layers in an abstract filesystem
☆27Jul 9, 2020Updated 5 years ago
ckotzbauer / vulnerability-operator
View on GitHub
Scans SBOMs for vulnerabilities with Grype
☆85Updated this week
philips-labs / fatt
View on GitHub
fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…
☆11Updated this week
cdxgen / cdxgen
View on GitHub
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager…
☆919Updated this week
Excoriate / daggerverse
View on GitHub
A collection of Dagger modules powered by Dagger.
☆17Aug 3, 2025Updated 7 months ago
renovatebot / osv-offline
View on GitHub
A collection of packages for using GitHub security advisories in Node.js.
☆18Mar 16, 2026Updated last week
tap8stry / orion
View on GitHub
Go beyond package manager discovery for SBOM
☆18Feb 22, 2022Updated 4 years ago
kubernetes-retired / contributor-tweets
View on GitHub
Repo for automating tweets to the K8sContributor twitter account owned by the k8s Contributor Comms Team within SIG-contribex (https://gi…
☆13Sep 8, 2023Updated 2 years ago
doubleopen-project / doubleopen-publications
View on GitHub
Publications done by Double Open.
☆16Jun 5, 2020Updated 5 years ago
estafette / estafette-vulnerability-scanner
View on GitHub
An application that regularly scans all containers in a Kubernetes cluster for vulnerabilities
☆50Apr 27, 2023Updated 2 years ago