eBay/sbom-scorecard

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/eBay/sbom-scorecard)

eBay / sbom-scorecard

Generate a score for your sbom to understand if it will actually be useful.

☆238

Alternatives and similar repositories for sbom-scorecard

Users that are interested in sbom-scorecard are comparing it to the libraries listed below

Sorting:

interlynk-io / sbomqs
View on GitHub
sbomqs: The Comprehensive SBOM Quality & Compliance Tool
☆269Updated this week
spdx / ntia-conformance-checker
View on GitHub
Validate the SPDX SBOM against NTIA, CISA, and other minimum element requirements.
☆81Feb 25, 2026Updated last week
chainguard-sandbox / bom-shelter
View on GitHub
A place to systematically store software bill of materials (SBOM) documents.
☆50Jun 1, 2023Updated 2 years ago
interlynk-io / sbomasm
View on GitHub
sbomasm: The Complete SBOM Management Toolkit
☆107Updated this week
snyk / parlay
View on GitHub
Enrich SBOMs with data from third party services
☆220Feb 11, 2026Updated 3 weeks ago
devops-kung-fu / bomber
View on GitHub
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
☆605Feb 10, 2026Updated 3 weeks ago
chainguard-dev / vex
View on GitHub
vexctl is a tool to attest VEX impact statements
☆45Mar 27, 2023Updated 2 years ago
protobom / protobom
View on GitHub
A universal SBOM representation in protocol buffers
☆319Updated this week
openvex / vexctl
View on GitHub
A tool to create, transform and attest VEX metadata
☆176Updated this week
awesomeSBOM / awesome-sbom
View on GitHub
A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
☆571May 20, 2025Updated 9 months ago
openvex / spec
View on GitHub
OpenVEX Specification
☆168Jan 16, 2026Updated last month
interlynk-io / sbomgr
View on GitHub
SBOM Search - Context aware search in SBOM repositories
☆29Nov 24, 2025Updated 3 months ago
CycloneDX / sbom-utility
View on GitHub
Utility that provides an API platform for validating, querying and managing BOM data
☆128Jan 2, 2026Updated 2 months ago
nyph-infosec / daggerboard
View on GitHub
☆102Sep 27, 2024Updated last year
ossf / sbom-everywhere
View on GitHub
Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
☆110Updated this week
guacsec / guac
View on GitHub
GUAC aggregates software security metadata into a high fidelity graph database.
☆1,450Updated this week
chainguard-dev / bomshell
View on GitHub
An SBOM query language and associated utilities
☆55Jan 22, 2024Updated 2 years ago
interlynk-io / sbomex
View on GitHub
SBOM Explorer - Discover and pull public SBOMs
☆20May 23, 2025Updated 9 months ago
in-toto / witness
View on GitHub
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…
☆518Updated this week
advanced-security / gh-sbom
View on GitHub
Generate SBOMs with gh CLI
☆199May 30, 2025Updated 9 months ago
aquasecurity / chain-bench
View on GitHub
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm…
☆769Dec 11, 2024Updated last year
philips-labs / fatt
View on GitHub
fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…
☆11Jan 26, 2026Updated last month
ckotzbauer / sbom-operator
View on GitHub
Catalogue all images of a Kubernetes cluster to multiple targets with Syft
☆221Feb 28, 2026Updated last week
kubernetes-sigs / bom
View on GitHub
A utility to generate SPDX-compliant Bill of Materials manifests
☆443Feb 26, 2026Updated last week
IBM / sbom-utility
View on GitHub
This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility
☆60Apr 17, 2023Updated 2 years ago
philips-software / SPDXMerge
View on GitHub
SPDX Merge tool
☆50Updated this week
spdx / spdx-3-model
View on GitHub
The model for the information captured in SPDX version 3 standard.
☆99Updated this week
deislabs / image-layer-provenance
View on GitHub
Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
☆45Oct 30, 2023Updated 2 years ago
CycloneDX / cyclonedx-cli
View on GitHub
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
☆464Feb 10, 2026Updated 3 weeks ago
CERTCC / SBOM
View on GitHub
Examples and proof-of-concept for Software Bill of Materials (SBOM) code & data
☆66Apr 8, 2024Updated last year
omnibor / spec
View on GitHub
Specification for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.
☆26Nov 17, 2025Updated 3 months ago
cdxgen / cdxgen
View on GitHub
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager…
☆912Updated this week
CycloneDX / bom-examples
View on GitHub
A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)
☆218Oct 21, 2025Updated 4 months ago
buildsec / frsca
View on GitHub
☆255Updated this week
ckotzbauer / vulnerability-operator
View on GitHub
Scans SBOMs for vulnerabilities with Grype
☆85Feb 28, 2026Updated last week
xeol-io / xeol
View on GitHub
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
☆431Feb 1, 2026Updated last month
eclipse-jbom / jbom
View on GitHub
☆122Apr 15, 2025Updated 10 months ago
anthonyharrison / lib4vex
View on GitHub
Library to ingest and generate VEX documents
☆19Feb 19, 2026Updated 2 weeks ago
CycloneDX / cyclonedx-property-taxonomy
View on GitHub
A taxonomy of all official CycloneDX property namespaces and names
☆21Feb 27, 2026Updated last week