google / deps.dev

Related projects: ⓘ

• CycloneDX / specification
  OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…
  ☆359Updated 2 weeks ago
• ossf / osv-schema
  Open Source Vulnerability schema.
  ☆176Updated this week
• slsa-framework / slsa-github-generator
  Language-agnostic SLSA provenance generation for Github Actions
  ☆413Updated last week
• slsa-framework / slsa-verifier
  Verify provenance from SLSA compliant builders
  ☆223Updated 2 weeks ago
• advanced-security / gh-sbom
  Generate SBOMs with gh CLI
  ☆164Updated 9 months ago
• ossf / scorecard-action
  Official GitHub Action for OpenSSF Scorecard.
  ☆251Updated this week
• eBay / sbom-scorecard
  Generate a score for your sbom to understand if it will actually be useful.
  ☆219Updated last month
• in-toto / attestation
  in-toto Attestation Framework
  ☆231Updated this week
• openvex / spec
  OpenVEX Specification
  ☆125Updated 2 months ago
• snyk / parlay
  Enrich SBOMs with data from third party services
  ☆108Updated 3 weeks ago
• interlynk-io / sbomqs
  SBOM quality score - Quality metrics for your sboms
  ☆161Updated this week
• bomctl / bomctl
  Format agnostic SBOM tooling
  ☆63Updated this week
• anchore / sbom-action
  GitHub Action for creating software bill of materials using Syft.
  ☆162Updated this week
• ossf / sbom-everywhere
  Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
  ☆69Updated this week
• spdx / ntia-conformance-checker
  Check SPDX SBOM for NTIA minimum elements
  ☆52Updated 2 weeks ago
• oasis-tcs / sarif-spec
  OASIS SARIF TC: Repository for development of the draft standard, where requests for modification should be made via Github Issues
  ☆164Updated 2 weeks ago
• spdx / spdx-spec
  The SPDX specification in MarkDown and HTML formats.
  ☆287Updated last week
• ossf / wg-securing-software-repos
  OpenSSF Working Group on Securing Software Repositories
  ☆86Updated 2 months ago
• google / clusterfuzzlite
  ClusterFuzzLite - Simple continuous fuzzing that runs in CI.
  ☆454Updated 3 months ago
• ossf / malicious-packages
  A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…
  ☆229Updated this week
• package-url / purl-spec
  A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
  ☆675Updated last month
• spdx / tools-golang
  Collection of Go packages to work with SPDX files
  ☆120Updated last month
• GitHubSecurityLab / actions-permissions
  GitHub token permissions Monitor and Advisor actions
  ☆252Updated 2 months ago
• CycloneDX / cyclonedx-go
  Go library to consume and produce CycloneDX Software Bill of Materials (SBOM)
  ☆72Updated last week
• CycloneDX / cyclonedx-cli
  CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
  ☆297Updated this week
• ossf / wg-supply-chain-integrity
  Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …
  ☆175Updated 7 months ago
• SBOMit / specification
  ☆56Updated 2 months ago
• CycloneDX / cyclonedx-bom-repo-server
  A BOM repository server for distributing CycloneDX BOMs
  ☆73Updated 6 months ago
• awesomeSBOM / awesome-sbom
  A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
  ☆466Updated last week
• oracle / macaron
  Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD …
  ☆131Updated this week