SAP / fosstars-rating-coreLinks
A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects that may be used to assess the security risk that comes with open source components.
☆63Updated 6 months ago
Alternatives and similar repositories for fosstars-rating-core
Users that are interested in fosstars-rating-core are comparing it to the libraries listed below
Sorting:
- OSS License Open Data☆12Updated 6 years ago
- A light-weight app to audit and inventory large codebases for open source license compliance.☆66Updated this week
- Publications done by Double Open.☆16Updated 5 years ago
- This repo realizes the idea that OSS compliance activities will be less expensive by applying OSS principles☆88Updated 3 months ago
- sbomasm: The Complete SBOM Management Toolkit☆85Updated last week
- A small application which needs a better name and collects oss-license metadata and combines it☆32Updated last month
- Automating Compliance Tooling Project☆22Updated 3 years ago
- sbomqs: The Comprehensive SBOM Quality & Compliance Tool☆245Updated last week
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.☆33Updated 2 years ago
- Generate VEX (Vulnerability Exploitability Exchange) CycloneDX documents☆23Updated 8 months ago
- PURL to CPE Relationship mapping project.☆95Updated this week
- SPDX 2.0 document creation and storage☆16Updated 2 years ago
- Check SPDX SBOM for NTIA minimum elements☆72Updated this week
- Utility that converts SBOM documents from CycloneDX to SPDX☆34Updated last year
- ☆102Updated last year
- Machine-readable specification for the attestation of security-relevant data.☆63Updated 2 weeks ago
- free and open source software license compatibility tool.☆48Updated 5 months ago
- Plugin for supporting SPDX in a Maven build.☆57Updated 2 months ago
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…☆429Updated last week
- Examples of SPDX files for software combinations☆136Updated 3 months ago
- SBOM Search - Context aware search in SBOM repositories☆29Updated this week
- SCANOSS Open Source Inventory Engine☆39Updated 2 weeks ago
- Utility that provides an API platform for validating, querying and managing BOM data☆120Updated last week
- A compilation of resources in the software supply chain security domain, with emphasis on open source☆332Updated 2 years ago
- CycloneDX SBOM Model and Utils for Creating and Validating BOMs☆97Updated this week
- OpenSSF Endusers Working Group☆28Updated last year
- Project providing insights on the metaeffekt license database.☆12Updated 3 weeks ago
- container-inspector is a suite of analysis utilities and command line tools for Docker container images, their layers and how these relat…☆37Updated 6 months ago
- A BOM repository server for distributing CycloneDX BOMs☆81Updated 3 months ago
- Service to scan licenses from source code☆12Updated 2 years ago