aboutcode-org / container-inspector
container-inspector is a suite of analysis utilities and command line tools for Docker container images, their layers and how these relate to each other. It can also handle OCI images and Dockerfiles.
☆37Updated last month
Alternatives and similar repositories for container-inspector:
Users that are interested in container-inspector are comparing it to the libraries listed below
- Inspect Python code and PyPI package manifests. Resolve Python dependencies.☆22Updated 2 weeks ago
- AboutCode Toolkit provides a simple way to document provenance metadata (origin and license) about third-party code that you use in your…☆96Updated 3 weeks ago
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆88Updated last week
- Automate open source license compliance and ensure software supply chain integrity☆31Updated this week
- GitHub Action to get a license overview in SPDX format☆14Updated 3 years ago
- QMSTR compliance tool☆32Updated 2 years ago
- Utility library to parse, normalize and compare License expressions for Python using a boolean logic engine. For expressions using SPDX …☆65Updated 3 weeks ago
- ☆62Updated 9 months ago
- Machine-readable specification for the attestation of security-relevant data.☆59Updated last week
- A light-weight app to audit and inventory large codebases for open source license compliance.☆65Updated this week
- Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulner…☆45Updated last week
- Automating Compliance Tooling Project☆21Updated 3 years ago
- Find & pull public SBOMs☆18Updated 7 months ago
- A tool that takes two or more micro SBOMs and composes them into one distributable SBOM☆23Updated 2 years ago
- bomsh is collection of tools to explore the OmniBOR idea☆21Updated 5 months ago
- Sbommage is an interactive terminal frontend for viewing Software Bill of Materials (SBOM) files in various formats.☆26Updated 2 months ago
- OSPO Landscape☆36Updated this week
- Service to scan licenses from source code☆12Updated last year
- Prospector permits automated collection of a wide range of metrics of open source projects useful in evaluating the project.☆66Updated 6 years ago
- SPDX Merge tool☆43Updated this week
- Parse and compare all the package versions and all the ranges. From debian, npm, pypi, ruby and more. Process all the version range specs…☆35Updated 6 months ago
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Updated 2 months ago
- Darkfiles finds orphaned files in container images and makes them to bad deeds☆41Updated last year
- Report on quality of SBOM contents☆17Updated 4 months ago
- Hermeto is a CLI tool that pre-fetches your project's dependencies to aid in making your build process network-isolated.☆13Updated this week
- Utility that converts SBOM documents from CycloneDX to SPDX☆28Updated last year
- SPDX 2.0 document creation and storage☆16Updated 2 years ago
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks☆31Updated last year
- SPDX Tools☆136Updated last year
- Doc, wiki and organizational content for ClearlyDefined☆94Updated 2 weeks ago