SAP / fosstars-rating-coreLinks
A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects that may be used to assess the security risk that comes with open source components.
☆62Updated 2 months ago
Alternatives and similar repositories for fosstars-rating-core
Users that are interested in fosstars-rating-core are comparing it to the libraries listed below
Sorting:
- This repo realizes the idea that OSS compliance activities will be less expensive by applying OSS principles☆88Updated 3 weeks ago
- Check SPDX SBOM for NTIA minimum elements☆64Updated last week
- Generate VEX (Vulnerability Exploitability Exchange) CycloneDX documents☆22Updated 5 months ago
- A light-weight app to audit and inventory large codebases for open source license compliance.☆65Updated this week
- The model for the information captured in SPDX version 3 standard.☆85Updated last week
- Utility that provides an API and CLI to identify licenses and legal terms☆50Updated 3 weeks ago
- Utility that converts SBOM documents from CycloneDX to SPDX☆30Updated last year
- Publications done by Double Open.☆16Updated 5 years ago
- OSS License Open Data☆12Updated 6 years ago
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.☆33Updated 2 years ago
- SBOM Edit - Conditional edits and merging of SBOMs☆72Updated this week
- Home page of project "KB"☆126Updated 3 months ago
- CaPyCLI - Python scripts for software license compliance automation with SW360☆19Updated last week
- A BOM repository server for distributing CycloneDX BOMs☆77Updated last year
- Generate a score for your sbom to understand if it will actually be useful.☆230Updated 10 months ago
- SPDX Tools☆137Updated 2 years ago
- A place to systematically store software bill of materials (SBOM) documents.☆46Updated 2 years ago
- ☆100Updated 9 months ago
- This repository contains the reference material related to the OpenChain Project☆93Updated last week
- A standard API specification for exchanging supply chain artifacts and intelligence☆82Updated last week
- A small application which needs a better name and collects oss-license metadata and combines it☆32Updated 2 months ago
- A taxonomy of all official CycloneDX property namespaces and names☆17Updated this week
- Source for the website providing online SPDX tools☆67Updated last week
- A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…☆75Updated last month
- Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD …☆158Updated this week
- Utility that provides an API platform for validating, querying and managing BOM data☆114Updated 3 weeks ago
- ☆35Updated 5 months ago
- Java library which implements the Java object model for SPDX and provides useful helper functions☆58Updated last week
- Vuln Disclosure WG's new SIG☆10Updated last year
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆184Updated last year