OWASP / www-project-dependency-track

Related projects: ⓘ

• meta-fun / awesome-software-supply-chain-security
  Sharing software supply chain security open source projects
  ☆38Updated last year
• AppThreat / vulnerability-db
  Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.0, purl, and vers…
  ☆92Updated last week
• Vulnogram / Vulnogram
  Vulnogram is a tool for creating and editing CVE information in CVE JSON format
  ☆158Updated 3 weeks ago
• chainguard-dev / bom-shelter
  A place to systematically store software bill of materials (SBOM) documents.
  ☆42Updated last year
• fabric8-analytics / cvedb
  CVE database
  ☆22Updated 4 years ago
• OWASP / Software-Component-Verification-Standard
  Software Component Verification Standard (SCVS)
  ☆133Updated 5 months ago
• ossf / security-reviews
  A community collection of security reviews of open source software components.
  ☆92Updated 6 months ago
• pbom-dev / OSCAR
  A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain
  ☆85Updated 7 months ago
• scanoss / sbom-workbench
  The SCANOSS SBOM Workbench graphical user interface to scan and audit your source code.
  ☆46Updated last week
• krol3 / kubernetes-security-checklist
  Awesome resources about Security in Kubernetes
  ☆40Updated last year
• jgamblin / cve.icu
  CVE.ICU code.
  ☆34Updated this week
• CycloneDX / bom-examples
  A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)
  ☆168Updated 3 months ago
• ossf / osv-schema
  Open Source Vulnerability schema.
  ☆176Updated this week
• OWASP / cwe-tool
  A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.
  ☆54Updated 2 weeks ago
• stevespringett / vulndb-data-mirror
  A simple Java command-line utility to mirror the entire contents of VulnDB.
  ☆42Updated 3 weeks ago
• CycloneDX / sbom-utility
  Utility that provides an API platform for validating, querying and managing BOM data
  ☆88Updated last month
• CycloneDX / cyclonedx-bom-repo-server
  A BOM repository server for distributing CycloneDX BOMs
  ☆73Updated 6 months ago
• FIRSTdotorg / cvss-v4-calculator
  CVSS v4.0 calculator
  ☆21Updated last month
• jgamblin / CVElk
  Autoconfigured ELK Stack That Contains All EPSS and NVD CVE Data
  ☆45Updated 2 months ago
• oasis-open / csaf-parser
  OASIS TC Open Repository: CSAF Parser tool for parsing and checking the syntax of the Common Vulnerability Reporting Framework (CVRF) con…
  ☆23Updated 2 years ago
• SecureStackCo / visualizing-software-supply-chain
  A project to visualize the software supply chain
  ☆33Updated last year
• RedHatProductSecurity / cvelib
  A Python library and command line interface for CVE Services.
  ☆54Updated 2 months ago
• eclipse / jbom
  ☆110Updated 3 months ago
• jeremylong / Open-Vulnerability-Project
  Java libraries for working with available vulnerability data sources (GitHub Security Advisories, NVD, EPSS, CISA Known Exploited Vulnera…
  ☆110Updated 3 weeks ago
• duo-labs / narrow
  Low-effort reachability analysis for third-party code vulnerabilities.
  ☆19Updated last year
• scanoss / purl2cpe
  PURL to CPE Relationship mapping project.
  ☆69Updated this week
• SAP / risk-explorer-for-software-supply-chains
  A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…
  ☆69Updated this week
• spdx / cdx2spdx
  Utility that converts SBOM documents from CycloneDX to SPDX
  ☆29Updated 8 months ago
• vishalgarg-sec / Software-Supply-Chain-Security
  A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…
  ☆123Updated 7 months ago
• CERTCC / SBOM
  Examples and proof-of-concept for Software Bill of Materials (SBOM) code & data
  ☆57Updated 5 months ago