fossas / fossa-cli
Fast, portable and reliable dependency analysis for any codebase. Supports license & vulnerability scanning for large monoliths. Language-agnostic; integrates with 20+ build systems.
★ 1,291 · Updated this week
Related projects
Alternatives and complementary repositories for fossa-cli
- Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge) ★ 1,216 · Updated last week
- Reduce maintainer fatigue by automating GitHub ★ 811 · Updated 7 months ago
- A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby ★ 694 · Updated this week
- SQL interface to git repositories, written in Go. https://docs.sourced.tech/gitbase ★ 2,066 · Updated last year
- Container registry which transparently builds images using the Nix package manager. Canonical repository is https://cs.tvl.fyi/depot/-/tr… ★ 1,826 · Updated 8 months ago
- CUE has moved to https://github.com/cue-lang/cue ★ 3,085 · Updated 3 years ago
- Find licenses for your project's dependencies. ★ 1,734 · Updated 3 months ago
- A License Classifier ★ 315 · Updated 7 months ago
- Notary is a project that allows anyone to have trust over arbitrary collections of data ★ 3,235 · Updated 3 months ago
- Artifact Metadata API ★ 1,519 · Updated 3 months ago
- The licensecheck package classifies license files and heuristically determines how well they correspond to known open source licenses. ★ 452 · Updated 7 months ago
- The Buildkite Agent is an open-source toolkit written in Go for securely running build jobs on any device or network ★ 812 · Updated this week
- High-performance extensible build system for reproducible multi-language builds. ★ 2,475 · Updated this week
- Contributor License Agreement assistant (CLA assistant) ★ 1,345 · Updated 5 months ago
- Repolinter, The Open Source Repository Linter ★ 428 · Updated 2 months ago
- Python reference implementation of The Update Framework (TUF) ★ 1,633 · Updated this week
- Kubernetes application deployments for restricted, regulated, or remote environments ★ 1,080 · Updated last year
- Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dock… ★ 967 · Updated 8 months ago
- Fully static, unprivileged, self-contained, containers as executable binaries. ★ 2,514 · Updated 5 years ago
- Pull Requests for GitHub repository settings ★ 933 · Updated this week
- Software Supply Chain Transparency Log ★ 900 · Updated this week
- GitHub App that enforces the Developer Certificate of Origin (DCO) on Pull Requests ★ 300 · Updated 3 months ago
- Keep your fish fresh! ★ 811 · Updated 2 years ago
- Snyk CLI scans and monitors your projects for security vulnerabilities. ★ 4,956 · Updated this week
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio… ★ 365 · Updated this week
- Policy enforcement for your pipelines. ★ 436 · Updated last week
- A bot that integrates with GitHub and your favorite continuous integration service ★ 330 · Updated 4 years ago
- CLI that provides on-demand secrets access for common DevOps tools ★ 705 · Updated 3 months ago
- A fast partial replacement for the codemod tool ★ 1,682 · Updated 6 months ago
- A Ruby Gem to detect under what license a project is distributed. ★ 795 · Updated this week