Alternatives and similar repositories for vulndb:

Users that are interested in vulndb are comparing it to the libraries listed below

• ossf / ossf-landscape
  ☆27Updated this week
• anchore / yardstick
  Compare vulnerability scanners results (to make them better!)
  ☆16Updated last week
• ossf / toolbelt
  ☆18Updated 8 months ago
• spdx / spdx-to-osv
  Produce an Open Source Vulnerability JSON file based on information in an SPDX document
  ☆63Updated 8 months ago
• oasis-tcs / openeox
  OASIS OpenEoX TC: The purpose of this repository is to support version control for Work Product artifacts developed by members of the OAS…
  ☆14Updated this week
• meta-fun / awesome-software-supply-chain-security
  Sharing software supply chain security open source projects
  ☆45Updated 2 years ago
• philips-software / SPDXMerge
  SPDX Merge tool
  ☆41Updated this week
• ComplianceAsCode / auditree-arboretum
  The Auditree common fetchers, checks and harvest reports library.
  ☆17Updated last year
• chainguard-dev / bomshell
  An SBOM query language and associated utilities
  ☆54Updated last year
• ComplianceAsCode / auditree-harvest
  The Auditree data gathering and reporting tool.
  ☆13Updated 5 months ago
• sonatype-nexus-community / ahab
  ahab is a tool to check for vulnerabilities in your apt, apk, or yum powered operating systems, powered by Sonatype OSS Index.
  ☆68Updated 10 months ago
• anchore / vulnerability-match-labels
  Labeled vulnerability-package match pairs used as ground truth to evaluate vulnerability scanners
  ☆11Updated this week
• ossf / Project-Security-Metrics
  Collect, curate, and communicate relevant security metrics for open source projects.
  ☆63Updated 11 months ago
• anchore / grype-db
  ☆41Updated this week
• google / container-explorer
  ☆80Updated 2 months ago
• anchore / grype-vscode
  Grype vulnerability check plugin for Visual Studio Code
  ☆22Updated 2 months ago
• sigstore / rekor-monitor
  Log monitor for Rekor to verify immutability and monitor entries
  ☆30Updated this week
• aquasecurity / bench-common
  Common code for hardening benchmarks
  ☆12Updated last year
• christophebedard / dco-check
  Simple DCO check script to be used in any CI
  ☆16Updated 5 months ago
• old-xebis / repository-template
  Highly automated, up-to-date, and well-documented repository template. Checks for common problems, Markdown, YAML, Bash, formats, lints, …
  ☆15Updated last year
• chainguard-dev / clank
  Simple tool that allows you to detect imposter commits in GitHub Actions workflows.
  ☆23Updated 2 months ago
• omnibor / site
  Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.
  ☆21Updated 3 weeks ago
• kubescape / github-action
  GitHub action to run Kubescape scans
  ☆20Updated 2 months ago
• vmware-samples / sbom-composer
  A tool that takes two or more micro SBOMs and composes them into one distributable SBOM
  ☆23Updated last year
• wolfi-dev / advisories
  Security advisory data for Wolfi
  ☆13Updated this week
• anchore / vunnel
  Tool for collecting vulnerability data from various sources (used to build the grype database)
  ☆83Updated this week
• bomctl / bomctl
  Format agnostic SBOM tooling
  ☆100Updated this week
• aquasecurity / vuln-list-update
  ☆179Updated this week
• docker / buildkit-syft-scanner
  BuildKit Syft scanner
  ☆28Updated last month
• VexStore / fatbom
  fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…
  ☆32Updated 2 years ago