aboutcode-org / univers
Parse and compare all the package versions and all the ranges. From debian, npm, pypi, ruby and more. Process all the version range specs and expressions. This project is sponsored by an NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, the Google Summer of Code, nexB and other generous sponsors!
☆33 Updated 4 months ago
Alternatives and similar repositories for univers:
Users that are interested in univers are comparing it to the libraries listed below
- Python implementation of the package url spec. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase… ☆72 Updated 3 months ago
- PURL to CPE Relationship mapping project. ☆82 Updated this week
- Open Source Vulnerability schema. ☆191 Updated this week
- Python implementation of OWASP CycloneDX ☆74 Updated this week
- Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulner… ☆40 Updated this week
- SBOM Assembler - A tool to edit SBOM or assemble multiple sboms into a single sbom. ☆62 Updated this week
- Utility that converts SBOM documents from CycloneDX to SPDX ☆29 Updated last year
- Generate VEX (Vulnerability Exploitability Exchange) CycloneDX documents ☆19 Updated 3 weeks ago
- Utility library to parse, normalize and compare License expressions for Python using a boolean logic engine. For expressions using SPDX … ☆63 Updated last month
- Produce an Open Source Vulnerability JSON file based on information in an SPDX document ☆63 Updated 8 months ago
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆289 Updated this week
- Automate open source license compliance and ensure software supply chain integrity ☆28 Updated this week
- Tool for collecting vulnerability data from various sources (used to build the grype database) ☆83 Updated last week
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption ☆78 Updated this week
- This tool compares two Software Bill of Materials (SBOMs) and reports the differences. ☆31 Updated 3 months ago
- The model for the information captured in SPDX version 3 standard. ☆75 Updated this week
- Utility that provides an API platform for validating, querying and managing BOM data ☆102 Updated 2 months ago
- The Keep It Simple Software Bill of Material ☆11 Updated 3 years ago
- Enrich SBOMs with data from third party services ☆156 Updated this week
- SBOM quality score - Quality metrics for your sboms ☆193 Updated this week
- ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored… ☆126 Updated this week
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers… ☆104 Updated last month
- Incubating project for decoupling responsibilities from Dependency-Track's monolithic API server into separate, scalable services. ☆66 Updated this week
- Check SPDX SBOM for NTIA minimum elements ☆59 Updated last week
- Feed parsing for language package manager updates ☆76 Updated 2 months ago
- Automating Compliance Tooling Project ☆20 Updated 3 years ago
- container-inspector is a suite of analysis utilities and command line tools for Docker container images, their layers and how these relat… ☆35 Updated 6 months ago
- Format agnostic SBOM tooling ☆97 Updated this week
- A standard API specification for exchanging supply chain artifacts and intelligence ☆71 Updated this week