SAP / fosstars-rating-coreLinks
A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects that may be used to assess the security risk that comes with open source components.
☆63Updated 5 months ago
Alternatives and similar repositories for fosstars-rating-core
Users that are interested in fosstars-rating-core are comparing it to the libraries listed below
Sorting:
- This repo realizes the idea that OSS compliance activities will be less expensive by applying OSS principles☆88Updated 3 months ago
- A light-weight app to audit and inventory large codebases for open source license compliance.☆66Updated this week
- ☆101Updated 11 months ago
- PURL to CPE Relationship mapping project.☆94Updated this week
- Publications done by Double Open.☆16Updated 5 years ago
- Utility that converts SBOM documents from CycloneDX to SPDX☆34Updated last year
- Produce an Open Source Vulnerability JSON file based on information in an SPDX document☆64Updated last year
- Check SPDX SBOM for NTIA minimum elements☆67Updated this week
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.☆33Updated 2 years ago
- OSS License Open Data☆12Updated 6 years ago
- Support CI generation of SBOMs via golang tooling.☆425Updated 8 months ago
- A small application which needs a better name and collects oss-license metadata and combines it☆32Updated last month
- We have moved and *archived* this repository. Pls. continue at the new place at https://github.com/eclipse/sw360 ... A software component…☆37Updated 7 years ago
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…☆423Updated this week
- Automating Compliance Tooling Project☆21Updated 3 years ago
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆102Updated this week
- sbomqs: The Comprehensive SBOM Quality & Compliance Tool☆235Updated this week
- Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD …☆170Updated last week
- CycloneDX SBOM Model and Utils for Creating and Validating BOMs☆96Updated this week
- Generate VEX (Vulnerability Exploitability Exchange) CycloneDX documents☆23Updated 7 months ago
- Utility that provides an API platform for validating, querying and managing BOM data☆119Updated 3 weeks ago
- OpenSSF Endusers Working Group☆28Updated last year
- sbomasm: The Complete SBOM Management Toolkit☆77Updated last week
- Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determ…☆543Updated last year
- SPDX Tools☆142Updated 2 years ago
- A taxonomy of all official CycloneDX property namespaces and names☆18Updated last week
- A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…☆78Updated last month
- The SCANOSS SBOM Workbench graphical user interface to scan and audit your source code.☆56Updated this week
- Machine-readable specification for the attestation of security-relevant data.☆61Updated last month
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆201Updated 5 months ago