fossas / fossa-cli
Fast, portable and reliable dependency analysis for any codebase. Supports license & vulnerability scanning for large monoliths. Language-agnostic; integrates with 20+ build systems.
☆1,375 · Updated this week
Alternatives and similar repositories for fossa-cli:
Users that are interested in fossa-cli are comparing it to the libraries listed below
- Reduce maintainer fatigue by automating GitHub ☆813 · Updated last year
- A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby ☆767 · Updated this week
- Python reference implementation of The Update Framework (TUF) ☆1,662 · Updated this week
- A GitHub App built with Probot that closes abandoned Issues and Pull Requests after a period of inactivity. ☆1,260 · Updated last year
- Contributor License Agreement assistant (CLA assistant) ☆1,404 · Updated 11 months ago
- The Open Source Discovery Service ☆1,125 · Updated 2 weeks ago
- Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dock… ☆984 · Updated last year
- Software Supply Chain Transparency Log ☆956 · Updated this week
- ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party package… ☆2,271 · Updated this week
- Pull Requests for GitHub repository settings ☆979 · Updated this week
- Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder. ☆3,948 · Updated 11 months ago
- SQL interface to git repositories, written in Go. https://docs.sourced.tech/gitbase ☆2,079 · Updated last year
- Policy enforcement for your pipelines. ☆466 · Updated last week
- GitHub App that enforces the Developer Certificate of Origin (DCO) on Pull Requests ☆317 · Updated 9 months ago
- OpenSSF Scorecard - Security health metrics for Open Source ☆4,884 · Updated this week
- LGTM is a simple pull request approval system [ARCHIVE] ☆985 · Updated 7 years ago
- in-toto is a framework to protect supply chain integrity. ☆923 · Updated this week
- The Update Framework specification ☆389 · Updated 11 months ago
- 🏆 Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge) ☆1,261 · Updated last week
- Container registry which transparently builds images using the Nix package manager. Canonical repository is https://cs.tvl.fyi/depot/-/tr… ☆1,878 · Updated 3 weeks ago
- Curated list of awesome tools for managing open source programs ☆467 · Updated 2 months ago
- The Buildkite Agent is an open-source toolkit written in Go for securely running build jobs on any device or network ☆839 · Updated this week
- Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and priva… ☆1,986 · Updated last week
- Various data formats for the SPDX License List including RDFa, HTML, Text, and JSON ☆559 · Updated last week
- Plugin for sudo that requires another human to approve and monitor privileged sudo sessions ☆1,252 · Updated last year
- A proposed standard that allows websites to define security policies. ☆1,819 · Updated 2 years ago
- Supply-chain Levels for Software Artifacts ☆1,663 · Updated this week
- Notary is a project that allows anyone to have trust over arbitrary collections of data ☆3,274 · Updated 9 months ago
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio… ☆396 · Updated this week
- container-diff: Diff your Docker containers ☆3,780 · Updated last year