aboutcode-org / univers
Parse and compare all the package versions and all the ranges. From debian, npm, pypi, ruby and more. Process all the version range specs and expressions. This project is sponsored by an NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ , the Google Summer of Code, nexB and other generous sponsors!
☆35 Updated 6 months ago
Alternatives and similar repositories for univers:
Users that are interested in univers are comparing it to the libraries listed below
- Python implementation of the package url spec. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase… ☆73 Updated last month
- Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulner… ☆45 Updated 3 weeks ago
- PURL to CPE Relationship mapping project. ☆87 Updated this week
- SBOM Edit - Conditional edits and merging of SBOMs ☆69 Updated last week
- Python implementation of OWASP CycloneDX ☆80 Updated this week
- Generate VEX (Vulnerability Exploitability Exchange) CycloneDX documents ☆21 Updated 3 months ago
- Utility library to parse, normalize and compare License expressions for Python using a boolean logic engine. For expressions using SPDX … ☆66 Updated last month
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption ☆90 Updated last week
- Tool for collecting vulnerability data from various sources (used to build the grype database) ☆94 Updated last week
- Open Source Vulnerability schema. ☆200 Updated this week
- The Keep It Simple Software Bill of Material ☆11 Updated 3 years ago
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆307 Updated this week
- Check SPDX SBOM for NTIA minimum elements ☆61 Updated last week
- ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored… ☆131 Updated last week
- The model for the information captured in SPDX version 3 standard. ☆82 Updated last week
- Automate open source license compliance and ensure software supply chain integrity ☆31 Updated this week
- A standard API specification for exchanging supply chain artifacts and intelligence ☆79 Updated this week
- Utility that converts SBOM documents from CycloneDX to SPDX ☆28 Updated last year
- Feed parsing for language package manager updates ☆79 Updated 5 months ago
- Enrich SBOMs with data from third party services ☆171 Updated last month
- Labeled vulnerability-package match pairs used as ground truth to evaluate vulnerability scanners ☆11 Updated 2 months ago
- Utility that provides an API platform for validating, querying and managing BOM data ☆109 Updated 2 weeks ago
- This is a mapping of CPEs to package urls created by using VulnerableCode's data ☆9 Updated 4 years ago
- This tool compares two Software Bill of Materials (SBOMs) and reports the differences. ☆31 Updated 6 months ago
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc) ☆193 Updated 3 weeks ago
- A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sp… ☆576 Updated this week
- SBOM quality score - Quality metrics for your sboms ☆206 Updated last week
- The SCANOSS SBOM Workbench graphical user interface to scan and audit your source code. ☆52 Updated last week
- OpenVEX Specification ☆150 Updated last month
- A taxonomy of all official CycloneDX property namespaces and names ☆16 Updated last month