SAP / fosstars-rating-coreLinks
A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects that may be used to assess the security risk that comes with open source components.
☆63Updated 6 months ago
Alternatives and similar repositories for fosstars-rating-core
Users that are interested in fosstars-rating-core are comparing it to the libraries listed below
Sorting:
- sbomasm: The Complete SBOM Management Toolkit☆91Updated this week
- This repo realizes the idea that OSS compliance activities will be less expensive by applying OSS principles☆89Updated 4 months ago
- OSS License Open Data☆12Updated 6 years ago
- PURL to CPE Relationship mapping project.☆97Updated this week
- CycloneDX SBOM Model and Utils for Creating and Validating BOMs☆96Updated this week
- This tool compares two Software Bill of Materials (SBOMs) and reports the differences.☆38Updated 11 months ago
- Utility that converts SBOM documents from CycloneDX to SPDX☆34Updated last year
- ☆119Updated 6 months ago
- Parse and compare all the package versions and all the ranges. From debian, npm, pypi, ruby and more. Process all the version range specs…☆37Updated last month
- sbomqs: The Comprehensive SBOM Quality & Compliance Tool☆246Updated last week
- Automating Compliance Tooling Project☆22Updated 3 years ago
- Publications done by Double Open.☆16Updated 5 years ago
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆104Updated this week
- Check SPDX SBOM for NTIA minimum elements☆73Updated 2 weeks ago
- A light-weight app to audit and inventory large codebases for open source license compliance.☆66Updated this week
- Utility that provides an API platform for validating, querying and managing BOM data☆121Updated last month
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…☆434Updated this week
- Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD …☆175Updated this week
- Examples of SPDX files for software combinations☆136Updated 4 months ago
- OpenSSF Endusers Working Group☆28Updated last year
- Generate VEX (Vulnerability Exploitability Exchange) CycloneDX documents☆24Updated 9 months ago
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.☆33Updated 2 years ago
- A taxonomy of all official CycloneDX property namespaces and names☆18Updated last month
- Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determ…☆542Updated last year
- A small application which needs a better name and collects oss-license metadata and combines it☆32Updated 2 months ago
- ☆102Updated last year
- Machine-readable specification for the attestation of security-relevant data.☆63Updated last month
- SBOM Search - Context aware search in SBOM repositories☆29Updated 2 weeks ago
- A standard API specification for exchanging supply chain artifacts and intelligence☆88Updated 3 weeks ago
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆189Updated last year