SAP / fosstars-rating-core
A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects that may be used to assess the security risk that comes with open source components.
☆60 · Updated last week
Related projects
Alternatives and complementary repositories for fosstars-rating-core
- CycloneDX SBOM Model and Utils for Creating and Validating BOMs ☆81 · Updated this week
- SPDX Tools ☆132 · Updated last year
- This repo realizes the idea that OSS compliance activities will be less expensive by applying OSS principles ☆83 · Updated 3 months ago
- Automating Compliance Tooling Project ☆20 · Updated 2 years ago
- Service to scan licenses from source code ☆12 · Updated last year
- Publications done by Double Open. ☆16 · Updated 4 years ago
- OSS License Open Data ☆12 · Updated 5 years ago
- SW360 project ☆123 · Updated this week
- ☆111 · Updated 5 months ago
- Utility that converts SBOM documents from CycloneDX to SPDX ☆29 · Updated 10 months ago
- Check SPDX SBOM for NTIA minimum elements ☆53 · Updated last week
- ☆101 · Updated last month
- We have moved and *archived* this repository. Pls. continue at the new place at https://github.com/eclipse/sw360 ... A software component… ☆35 · Updated 6 years ago
- Utility that provides an API platform for validating, querying and managing BOM data ☆95 · Updated this week
- The Keep It Simple Software Bill of Material ☆11 · Updated 2 years ago
- A collection of scripts for license compliance scanning, mostly experimental ☆22 · Updated 4 months ago
- Generate VEX (Vulnerability Exploitability Exchange) CycloneDX documents ☆19 · Updated last year
- SBOM Assembler - A tool to edit SBOM or assemble multiple SBOMs into a single SBOM. ☆57 · Updated 3 weeks ago
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way. ☆32 · Updated last year
- PURL to CPE Relationship mapping project. ☆79 · Updated this week
- Home page of project "KB" ☆114 · Updated 3 weeks ago
- CaPyCLI - Python scripts for software license compliance automation with SW360 ☆13 · Updated this week
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc.) ☆181 · Updated last week
- WARNING - Work in Progress - It is not Bug Free! Use with Caution. This repository contains Dockerfiles and accompanying scripts that all… ☆13 · Updated 2 years ago
- A small application which needs a better name and collects oss-license metadata and combines it ☆31 · Updated last month
- A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o… ☆71 · Updated 3 weeks ago
- Java library which implements the Java object model for SPDX and provides useful helper functions ☆37 · Updated last week
- A utility for validating and parsing Common Platform Enumeration (CPE) v2.2 and v2.3 as originally defined by MITRE and maintained by NIS… ☆47 · Updated last week
- A place to systematically store software bill of materials (SBOM) documents. ☆44 · Updated last year