aboutcode-org / univers
Parse and compare all the package versions and all the ranges. From debian, npm, pypi, ruby and more. Process all the version range specs and expressions. This project is sponsored by an NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, the Google Summer of Code, nexB and other generous sponsors!
☆37 Updated last month
Alternatives and similar repositories for univers
Users that are interested in univers are comparing it to the libraries listed below
- PURL to CPE Relationship mapping project. ☆97 Updated this week
- Python implementation of the package url spec. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase… ☆79 Updated last month
- Automate open source license compliance and ensure software supply chain integrity ☆35 Updated last week
- Python implementation of OWASP CycloneDX ☆90 Updated last week
- Utility library to parse, normalize and compare License expressions for Python using a boolean logic engine. For expressions using SPDX … ☆69 Updated 3 months ago
- Open Source Vulnerability schema. ☆212 Updated this week
- Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulner… ☆52 Updated last week
- This is a mapping of CPEs to package urls created by using VulnerableCode's data ☆10 Updated 5 years ago
- Utility that converts SBOM documents from CycloneDX to SPDX ☆34 Updated last year
- Generate VEX (Vulnerability Exploitability Exchange) CycloneDX documents ☆24 Updated 9 months ago
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption ☆104 Updated last week
- ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored… ☆152 Updated this week
- The Keep It Simple Software Bill of Material ☆11 Updated 3 years ago
- sbomasm: The Complete SBOM Management Toolkit ☆91 Updated this week
- The model for the information captured in SPDX version 3 standard. ☆95 Updated this week
- OSS License Open Data ☆12 Updated 6 years ago
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆389 Updated this week
- A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sp… ☆635 Updated last week
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h… ☆201 Updated 3 weeks ago
- container-inspector is a suite of analysis utilities and command line tools for Docker container images, their layers and how these relat… ☆37 Updated 7 months ago
- Machine-readable specification for the attestation of security-relevant data. ☆63 Updated last month
- OSADL license compatibility matrix as a CSV ☆16 Updated 10 months ago
- The System Package Data Exchange (SPDX) specification in Markdown and HTML formats. ☆343 Updated this week
- Enrich SBOMs with data from third party services ☆196 Updated 2 months ago
- Check SPDX SBOM for NTIA minimum elements ☆73 Updated 3 weeks ago
- This tool compares two Software Bill of Materials (SBOMs) and reports the differences. ☆38 Updated 11 months ago
- A Python library to parse, validate and create SPDX documents. ☆227 Updated 3 months ago
- sbomqs: The Comprehensive SBOM Quality & Compliance Tool ☆244 Updated this week
- Publications done by Double Open. ☆16 Updated 5 years ago
- SPDX Tools ☆143 Updated 2 weeks ago