aboutcode-org / container-inspector
container-inspector is a suite of analysis utilities and command line tools for Docker container images, their layers and how these relate to each other. It can also handle OCI images and Dockerfiles.
☆34Updated 3 months ago
Related projects ⓘ
Alternatives and complementary repositories for container-inspector
- QMSTR compliance tool☆31Updated 2 years ago
- Automating Compliance Tooling Project☆20Updated 2 years ago
- GitHub Action to get a license overview in SPDX format☆14Updated 2 years ago
- OPENSSF SECURITY INSIGHTS: Repository for development of the draft standard, where requests for modification should be made via Github Is…☆49Updated 2 months ago
- A tool that takes two or more micro SBOMs and composes them into one distributable SBOM☆23Updated last year
- ☆61Updated 3 months ago
- Utility that provides an API and CLI to identify licenses and legal terms☆43Updated 4 months ago
- OSPO Landscape☆33Updated this week
- OpenSSF Endusers Working Group☆28Updated 7 months ago
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆70Updated last month
- Inspect Python code and PyPI package manifests. Resolve Python dependencies.☆22Updated 3 weeks ago
- SBOM Assembler - A tool to edit SBOM or assemble multiple sboms into a single sbom.☆57Updated last week
- Automate open source license compliance and ensure software supply chain integrity☆25Updated this week
- Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulner…☆35Updated this week
- A light-weight app to audit and inventory large codebases for open source license compliance.☆60Updated this week
- Utility that converts SBOM documents from CycloneDX to SPDX☆29Updated 9 months ago
- A CLI tool for creating secure by design/default source repos.☆24Updated 3 months ago
- A specification for signing methods and formats used by Secure Systems Lab projects.☆68Updated last month
- OSADL license compatibility matrix as a CSV☆15Updated last week
- Umbrella Repository Service for TUF☆40Updated this week
- AboutCode Toolkit provides a simple way to document provenance metadata (origin and license) about third-party code that you use in your…☆94Updated last month
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks☆30Updated 10 months ago
- A web based tool for working with CycloneDX BOMs☆30Updated 2 months ago
- Service to scan licenses from source code☆12Updated last year
- Find & pull public SBOMs☆16Updated 2 months ago
- SPDX Tools☆130Updated last year
- A tool to generate a SBOM (Software Bill of Materials) for an installed Python module☆25Updated last month
- SPDX Merge tool☆39Updated 2 months ago
- Curations and configuration files for the OSS Review Toolkit.☆16Updated this week
- The model for the information captured in SPDX version 3 standard.☆70Updated 2 weeks ago