aboutcode-org / purldb
Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/ Chat is at https://gitter.im/aboutcode-org/discuss
☆34Updated 2 weeks ago
Related projects: ⓘ
- ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored…☆108Updated this week
- Parse and compare all the package versions and all the ranges. From debian, npm, pypi, ruby and more. Process all the version range specs…☆30Updated last month
- Open Source Vulnerability schema.☆176Updated this week
- Python implementation of OWASP CycloneDX☆66Updated this week
- Python implementation of the package url spec. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase…☆65Updated 2 weeks ago
- SBOM Assembler - A tool to edit SBOM or assemble multiple sboms into a single sbom.☆54Updated this week
- OpenVEX Specification☆125Updated 2 months ago
- OPENSSF SECURITY INSIGHTS: Repository for development of the draft standard, where requests for modification should be made via Github Is…☆49Updated 2 weeks ago
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆69Updated this week
- Format agnostic SBOM tooling☆63Updated this week
- The model for the information captured in SPDX version 3 standard.☆68Updated last week
- PURL to CPE Relationship mapping project.☆69Updated this week
- Check SPDX SBOM for NTIA minimum elements☆52Updated 2 weeks ago
- Labeled vulnerability-package match pairs used as ground truth to evaluate vulnerability scanners☆11Updated last week
- Automate open source license compliance and ensure software supply chain integrity☆21Updated 2 weeks ago
- Enrich SBOMs with data from third party services☆108Updated 3 weeks ago
- container-inspector is a suite of analysis utilities and command line tools for Docker container images, their layers and how these relat…☆34Updated last month
- A CLI tool for creating secure by design/default source repos.☆24Updated last month
- SBOM quality score - Quality metrics for your sboms☆161Updated this week
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…☆229Updated this week
- SBOM Grep - search through SBOMs☆20Updated this week
- Automating Compliance Tooling Project☆20Updated 2 years ago
- A standard API specification for exchanging supply chain artifacts and intelligence☆43Updated 3 weeks ago
- Inspect Python code and PyPI package manifests. Resolve Python dependencies.☆21Updated last month
- ☆45Updated this week
- ☆17Updated 3 months ago
- Feed parsing for language package manager updates☆71Updated last week
- Find & pull public SBOMs☆13Updated 3 weeks ago
- Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD …☆131Updated this week
- A Python library to parse, validate and create SPDX documents.☆178Updated 3 weeks ago