cdfoundation / sig-security-sbomLinks
SIG Security - Software Bill of Materials
☆18Updated 2 years ago
Alternatives and similar repositories for sig-security-sbom
Users that are interested in sig-security-sbom are comparing it to the libraries listed below
Sorting:
- Report missing advisories and corrections on OSS Index☆17Updated 2 years ago
- Examples and proof-of-concept for Software Bill of Materials (SBOM) code & data☆59Updated last year
- Generate VEX (Vulnerability Exploitability Exchange) CycloneDX documents☆22Updated 4 months ago
- SBOM Edit - Conditional edits and merging of SBOMs☆69Updated this week
- Sharing software supply chain security open source projects☆50Updated 2 years ago
- SBOM Search - Context aware search in SBOM repositories☆26Updated 2 weeks ago
- Collect, curate, and communicate relevant security metrics for open source projects.☆63Updated last year
- Technical Advisory Council☆124Updated last week
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Updated 4 months ago
- OASIS TC Open Repository: A GitHub repository for management of non-normative information about the work of the CSAF Technical Committee,…☆20Updated 3 months ago
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.☆33Updated 2 years ago
- Check SPDX SBOM for NTIA minimum elements☆62Updated this week
- Labeled vulnerability-package match pairs used as ground truth to evaluate vulnerability scanners☆11Updated last week
- A place to systematically store software bill of materials (SBOM) documents.☆46Updated 2 years ago
- The SCANOSS SBOM Workbench graphical user interface to scan and audit your source code.☆53Updated last week
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆60Updated 2 years ago
- Example data and supporting automation for all things OSCAL☆14Updated last year
- A standard API specification for exchanging supply chain artifacts and intelligence☆81Updated this week
- A utility for validating and parsing Common Platform Enumeration (CPE) v2.2 and v2.3 as originally defined by MITRE and maintained by NIS…☆51Updated this week
- Produce an Open Source Vulnerability JSON file based on information in an SPDX document☆64Updated last year
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form.☆21Updated 2 years ago
- Notes and reference for ongoing forecasting.☆16Updated 3 years ago
- A BOM repository server for distributing CycloneDX BOMs☆77Updated last year
- A documentation and tracking project with the goal of making package management systems more secure.☆50Updated 4 years ago
- Bugs Framework☆8Updated 3 weeks ago
- A community collection of security reviews of open source software components.☆94Updated last year
- This project aims to standardize the representation and management of EOL and EOS product information across the industry.☆29Updated last year
- PURL to CPE Relationship mapping project.☆91Updated this week
- A workflow automation tool for `compliance-trestle`☆10Updated last week
- OpenSSF Endusers Working Group☆28Updated last year