Alternatives and similar repositories for bom-shelter

Users that are interested in bom-shelter are comparing it to the libraries listed below

• eBay / sbom-scorecard

  View on GitHub
  Generate a score for your sbom to understand if it will actually be useful.
  ☆237Aug 13, 2024Updated last year
• spdx / ntia-conformance-checker

  View on GitHub
  Validate the SPDX SBOM against NTIA, CISA, and other minimum element requirements.
  ☆79Feb 6, 2026Updated last week
• protobom / sbom-convert

  View on GitHub
  Example CLI project to demo API architecture and protobom library
  ☆25Feb 9, 2026Updated last week
• anthonyharrison / lib4vex

  View on GitHub
  Library to ingest and generate VEX documents
  ☆18Oct 2, 2025Updated 4 months ago
• interlynk-io / sbomex

  View on GitHub
  SBOM Explorer - Discover and pull public SBOMs
  ☆20May 23, 2025Updated 8 months ago
• chainguard-dev / self-attestation

  View on GitHub
  Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form.
  ☆22May 4, 2023Updated 2 years ago
• OLSV-oss / OSSLicenseSimpleViewer

  View on GitHub
  OSS License Simple Viewer is a simple Excel-based tool as OSS license reference for engineers.
  ☆14Nov 20, 2020Updated 5 years ago
• CycloneDX / sbom-combiner

  View on GitHub
  Lockheed Martin developed utility to combine multiple CycloneDX SBOMs
  ☆13Jan 16, 2023Updated 3 years ago
• usnistgov / swid-tools

  View on GitHub
  ☆15Updated this week
• spdx / cdx2spdx

  View on GitHub
  Utility that converts SBOM documents from CycloneDX to SPDX
  ☆33Jan 19, 2024Updated 2 years ago
• OpenChain-Project / SBOM-sg

  View on GitHub
  This is the GitHub repo of the OpenChain SBOM Study Group
  ☆12Aug 6, 2025Updated 6 months ago
• interlynk-io / sbomqs

  View on GitHub
  sbomqs: The Comprehensive SBOM Quality & Compliance Tool
  ☆267Feb 10, 2026Updated last week
• nttcom / threatconnectome

  View on GitHub
  Vulnerability Management with SBOM
  ☆19Updated this week
• spdx / spdx-3-model

  View on GitHub
  The model for the information captured in SPDX version 3 standard.
  ☆97Updated this week
• chainguard-dev / vex

  View on GitHub
  vexctl is a tool to attest VEX impact statements
  ☆45Mar 27, 2023Updated 2 years ago
• oasis-tcs / csaf

  View on GitHub
  OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secon…
  ☆206Updated this week
• omnibor / spec

  View on GitHub
  Specification for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.
  ☆26Nov 17, 2025Updated 3 months ago
• interlynk-io / sbomasm

  View on GitHub
  sbomasm: The Complete SBOM Management Toolkit
  ☆103Feb 9, 2026Updated last week
• cloud-native-skunkworks / ohmyyaml

  View on GitHub
  A single repo that shows terraform, terragrunt, helm & docker
  ☆21Jun 8, 2022Updated 3 years ago
• bomctl / bomctl

  View on GitHub
  Format agnostic SBOM tooling
  ☆131Nov 20, 2025Updated 2 months ago
• spdx / spdx-to-osv

  View on GitHub
  Produce an Open Source Vulnerability JSON file based on information in an SPDX document
  ☆65May 27, 2024Updated last year
• openvex / spec

  View on GitHub
  OpenVEX Specification
  ☆167Jan 16, 2026Updated last month
• protobom / protobom

  View on GitHub
  A universal SBOM representation in protocol buffers
  ☆315Feb 10, 2026Updated last week
• developer-guy / container-image-sign-and-verify-with-cosign-and-opa

  View on GitHub
  This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)
  ☆63Aug 4, 2021Updated 4 years ago
• CycloneDX / bom-examples

  View on GitHub
  A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)
  ☆217Oct 21, 2025Updated 3 months ago
• CycloneDX / transparency-exchange-api

  View on GitHub
  A standard API specification for exchanging supply chain artifacts and intelligence
  ☆99Jan 26, 2026Updated 3 weeks ago
• nyph-infosec / daggerboard

  View on GitHub
  ☆102Sep 27, 2024Updated last year
• spdx / tools

  View on GitHub
  SPDX Tools
  ☆143Oct 7, 2025Updated 4 months ago
• xebia / falco-eks-audit-bridge

  View on GitHub
  Enable Falco to read audit logs from EKS
  ☆11Dec 13, 2020Updated 5 years ago
• aquasecurity / vim-tfsec

  View on GitHub
  List your tfsec issues in the QuickFix window with this plugin.
  ☆12May 16, 2022Updated 3 years ago
• Hitachi / open-license

  View on GitHub
  OSS License Open Data
  ☆12Jun 28, 2019Updated 6 years ago
• org-metaeffekt / metaeffekt-universe

  View on GitHub
  Project providing insights on the metaeffekt license database.
  ☆12Feb 2, 2026Updated 2 weeks ago
• sbs2001 / purl2cpe

  View on GitHub
  This is a mapping of CPEs to package urls created by using VulnerableCode's data
  ☆10Aug 14, 2020Updated 5 years ago
• SAP / risk-explorer-for-software-supply-chains

  View on GitHub
  A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…
  ☆79Feb 7, 2026Updated last week
• puerco / bomshell

  View on GitHub
  An query language and interactive tooling to work with SBOM data.
  ☆15Oct 7, 2024Updated last year
• blackducksoftware / bdio

  View on GitHub
  Black Duck I/O
  ☆13Mar 28, 2025Updated 10 months ago
• CariZa / tekton-examples

  View on GitHub
  A practice repo to collect examples of using tekton with kubernetes
  ☆11May 18, 2020Updated 5 years ago
• edgebitio / edgebit-agent

  View on GitHub
  Linux agent used to submit realtime SBOMs and dependency usage information to EdgeBit
  ☆15Jan 24, 2025Updated last year
• privateerproj / privateer

  View on GitHub
  Privateer is a plugin-based framework to validate the status of deployed resources.
  ☆17Feb 5, 2026Updated last week