anthonyharrison / lib4vex
Library to ingest and generate VEX documents
☆13Updated 2 months ago
Alternatives and similar repositories for lib4vex:
Users that are interested in lib4vex are comparing it to the libraries listed below
- A standard API specification for exchanging supply chain artifacts and intelligence☆74Updated 2 weeks ago
- A place to systematically store software bill of materials (SBOM) documents.☆44Updated last year
- ☆47Updated this week
- Takes a software bill of materials and outputs provenance, and activity data from trustypkg.dev☆11Updated 5 months ago
- sbomify is an SBOM management platform.☆24Updated 3 weeks ago
- This is a mapping of CPEs to package urls created by using VulnerableCode's data☆9Updated 4 years ago
- Automate vulnerability triage which prioritizes remediation over discovery☆16Updated last week
- A Yocto meta-layer for generating CycloneDX SBOMs and automatically uploading them to Dependency Track.☆20Updated 10 months ago
- Tool for collecting vulnerability data from various sources (used to build the grype database)☆89Updated this week
- Format agnostic SBOM tooling☆102Updated this week
- Examples and proof-of-concept for Software Bill of Materials (SBOM) code & data☆57Updated 11 months ago
- ☆25Updated last year
- ☆100Updated 6 months ago
- Utility that provides an API platform for validating, querying and managing BOM data☆104Updated 4 months ago
- SBOM Assembler - A tool to edit SBOM or assemble multiple sboms into a single sbom.☆66Updated this week
- VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordin…☆63Updated this week
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆60Updated last year
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain☆91Updated last month
- Library to ingest and generate SBOMs☆24Updated this week
- Global Security Database Tools☆42Updated last year
- vexctl is a tool to attest VEX impact statements☆44Updated 2 years ago
- SBOM quality score - Quality metrics for your sboms☆200Updated 2 weeks ago
- SPDX Merge tool☆41Updated 3 weeks ago
- apt2sbom python package generates SPDX or CycloneDX files from Ubuntu APT and Python packaging information☆22Updated 3 years ago
- ☆61Updated 8 months ago
- Utility that provides an API and CLI to identify licenses and legal terms☆43Updated 9 months ago
- Posture Attribute Collection and Evaluation☆23Updated last year
- Low-effort reachability analysis for third-party code vulnerabilities.☆20Updated last year
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form.☆21Updated last year
- Visualizer for GUAC☆28Updated 2 weeks ago