aboutcode-org / univers
Parse and compare all the package versions and all the ranges. From debian, npm, pypi, ruby and more. Process all the version range specs and expressions. This project is sponsored by an NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, the Google Summer of Code, nexB and other generous sponsors!
☆34 Updated 4 months ago
Alternatives and similar repositories for univers:
Users that are interested in univers are comparing it to the libraries listed below
- Python implementation of the package url spec. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase… ☆73 Updated 4 months ago
- PURL to CPE Relationship mapping project. ☆83 Updated this week
- Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulner… ☆41 Updated last week
- Python implementation of OWASP CycloneDX ☆78 Updated this week
- Automate open source license compliance and ensure software supply chain integrity ☆29 Updated this week
- The model for the information captured in SPDX version 3 standard. ☆77 Updated this week
- Utility library to parse, normalize and compare License expressions for Python using a boolean logic engine. For expressions using SPDX … ☆64 Updated 2 weeks ago
- The Keep It Simple Software Bill of Material ☆11 Updated 3 years ago
- Utility that converts SBOM documents from CycloneDX to SPDX ☆28 Updated last year
- SBOM Assembler - A tool to edit SBOM or assemble multiple sboms into a single sbom. ☆63 Updated this week
- ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored… ☆128 Updated this week
- Check SPDX SBOM for NTIA minimum elements ☆60 Updated this week
- Find & pull public SBOMs ☆16 Updated 6 months ago
- Feed parsing for language package manager updates ☆77 Updated 3 months ago
- Open Source Vulnerability schema. ☆194 Updated last week
- A taxonomy of all official CycloneDX property namespaces and names ☆15 Updated 3 weeks ago
- SW360 Antenna project ☆22 Updated 3 years ago
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers… ☆109 Updated last week
- Utility that provides an API platform for validating, querying and managing BOM data ☆104 Updated 3 months ago
- SBOM quality score - Quality metrics for your sboms ☆195 Updated 3 weeks ago
- This tool compares two Software Bill of Materials (SBOMs) and reports the differences. ☆31 Updated 4 months ago
- Generate VEX (Vulnerability Exploitability Exchange) CycloneDX documents ☆20 Updated last month
- Automating Compliance Tooling Project ☆20 Updated 3 years ago
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆294 Updated this week
- CaPyCLI - Python scripts for software license compliance automation with SW360 ☆16 Updated 2 weeks ago
- Utility that provides an API and CLI to identify licenses and legal terms ☆43 Updated 8 months ago
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption ☆82 Updated this week
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h… ☆186 Updated 2 weeks ago
- Tool for collecting vulnerability data from various sources (used to build the grype database) ☆86 Updated this week
- A Python library to parse, validate and create SPDX documents. ☆202 Updated 5 months ago