aboutcode-org / univers
Parse and compare all the package versions and all the ranges. From debian, npm, pypi, ruby and more. Process all the version range specs and expressions. This project is sponsored by an NLnet project (https://nlnet.nl/project/vulnerabilitydatabase/), the Google Summer of Code, nexB and other generous sponsors!
☆36 Updated 7 months ago
Alternatives and similar repositories for univers
Users that are interested in univers are comparing it to the libraries listed below
- PURL to CPE Relationship mapping project. ☆91 Updated this week
- Python implementation of OWASP CycloneDX ☆82 Updated this week
- Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulner… ☆46 Updated this week
- SBOM Edit - Conditional edits and merging of SBOMs ☆69 Updated last week
- This is a mapping of CPEs to package urls created by using VulnerableCode's data ☆10 Updated 4 years ago
- Python implementation of the package url spec. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase… ☆74 Updated last week
- Open Source Vulnerability schema. ☆199 Updated last week
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption ☆92 Updated last week
- Automate open source license compliance and ensure software supply chain integrity ☆31 Updated this week
- Generate VEX (Vulnerability Exploitability Exchange) CycloneDX documents ☆22 Updated 4 months ago
- Utility that converts SBOM documents from CycloneDX to SPDX ☆29 Updated last year
- Utility library to parse, normalize and compare License expressions for Python using a boolean logic engine. For expressions using SPDX … ☆66 Updated 2 months ago
- Check SPDX SBOM for NTIA minimum elements ☆62 Updated this week
- Tool for collecting vulnerability data from various sources (used to build the grype database) ☆96 Updated last week
- The model for the information captured in SPDX version 3 standard. ☆83 Updated last week
- ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored… ☆133 Updated this week
- A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o… ☆75 Updated last month
- Enrich SBOMs with data from third party services ☆173 Updated 2 months ago
- Machine-readable specification for the attestation of security-relevant data. ☆59 Updated 3 weeks ago
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers… ☆119 Updated last week
- This tool compares two Software Bill of Materials (SBOMs) and reports the differences. ☆31 Updated 7 months ago
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆310 Updated this week
- Utility that provides an API platform for validating, querying and managing BOM data ☆111 Updated last week
- Incubating project for decoupling responsibilities from Dependency-Track's monolithic API server into separate, scalable services. ☆72 Updated this week
- Labeled vulnerability-package match pairs used as ground truth to evaluate vulnerability scanners ☆11 Updated this week
- A fork of the Bandit tool with patterns to identify malicious Python code. ☆26 Updated 2 years ago
- A standard API specification for exchanging supply chain artifacts and intelligence ☆81 Updated this week
- SBOM Search - Context aware search in SBOM repositories ☆26 Updated last week
- Sharing software supply chain security open source projects ☆50 Updated 2 years ago
- A small application which needs a better name and collects oss-license metadata and combines it ☆32 Updated last month