kubernetes-sigs/bom external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

kubernetes-sigs/bom

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/kubernetes-sigs/bom)

Close

kubernetes-sigs / bomView on GitHubMore

• External links
• Readme badge

A utility to generate SPDX-compliant Bill of Materials manifests

☆455May 19, 2026Updated this week

Alternatives and similar repositories for bom

Users that are interested in bom are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• sigstore / policy-controller

  View on GitHub
  Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supp…
  ☆172May 8, 2026Updated 2 weeks ago
• opensbom-generator / spdx-sbom-generator

  View on GitHub
  Support CI generation of SBOMs via golang tooling.
  ☆426Jan 13, 2025Updated last year
• kubernetes-sigs / tejolote

  View on GitHub
  A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
  ☆73Updated this week
• act-project / TAC

  View on GitHub
  Automating Compliance Tooling Project
  ☆24Jan 28, 2022Updated 4 years ago
• chainguard-dev / tlogistry

  View on GitHub
  Transparenty Immutable Container Image Tags
  ☆20Jul 5, 2023Updated 2 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• sigstore / gitsign

  View on GitHub
  Keyless Git signing using Sigstore
  ☆1,090Updated this week
• vmware-samples / sbom-composer

  View on GitHub
  A tool that takes two or more micro SBOMs and composes them into one distributable SBOM
  ☆23Mar 23, 2023Updated 3 years ago
• guacsec / guac

  View on GitHub
  GUAC aggregates software security metadata into a high fidelity graph database.
  ☆1,493May 19, 2026Updated last week
• kubernetes-sigs / release-utils

  View on GitHub
  ☆24May 12, 2026Updated 2 weeks ago
• kubernetes-sigs / security-profiles-operator

  View on GitHub
  The Kubernetes Security Profiles Operator
  ☆844May 19, 2026Updated last week
• sigstore / rekor

  View on GitHub
  Software Supply Chain Transparency Log
  ☆1,144Updated this week
• openvex / vexctl

  View on GitHub
  A tool to create, transform and attest VEX metadata
  ☆192May 19, 2026Updated last week
• eBay / sbom-scorecard

  View on GitHub
  Generate a score for your sbom to understand if it will actually be useful.
  ☆242Aug 13, 2024Updated last year
• sigstore / helm-charts

  View on GitHub
  Helm charts for sigstore project
  ☆90May 15, 2026Updated last week
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• sigstore / cosign

  View on GitHub
  Code signing and transparency for containers and binaries
  ☆5,934Updated this week
• tektoncd / chains

  View on GitHub
  Supply Chain Security in Tekton Pipelines
  ☆271May 19, 2026Updated last week
• chainguard-dev / apko

  View on GitHub
  Build OCI images from APK packages directly without Dockerfile
  ☆1,615Updated this week
• anchore / syft

  View on GitHub
  CLI tool and library for generating a Software Bill of Materials from container images and filesystems
  ☆9,004Updated this week
• tern-tools / tern

  View on GitHub
  Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dock…
  ☆1,018Mar 12, 2024Updated 2 years ago
• awesomeSBOM / awesome-sbom

  View on GitHub
  A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
  ☆581May 20, 2025Updated last year
• sigstore / scaffolding

  View on GitHub
  Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.
  ☆81Updated this week
• philips-labs / fatt

  View on GitHub
  fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…
  ☆11May 11, 2026Updated 2 weeks ago
• sse-secure-systems / connaisseur

  View on GitHub
  An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
  ☆473May 19, 2026Updated last week
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• kusaridev / spector

  View on GitHub
  Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks
  ☆34Apr 22, 2025Updated last year
• kubernetes-sigs / release-sdk

  View on GitHub
  Interfaces and implementations for building Kubernetes releases.
  ☆20Updated this week
• openvex / spec

  View on GitHub
  OpenVEX Specification
  ☆179Jan 16, 2026Updated 4 months ago
• sigstore / fulcio

  View on GitHub
  Sigstore OIDC PKI
  ☆843Updated this week
• slsa-framework / slsa-github-generator

  View on GitHub
  Language-agnostic SLSA provenance generation for Github Actions
  ☆573Mar 29, 2026Updated last month
• chainguard-dev / policy-catalog

  View on GitHub
  ☆20Updated this week
• goreleaser / example-supply-chain

  View on GitHub
  Example goreleaser + github actions config with keyless signing, SBOM generation, and attestations
  ☆60May 2, 2026Updated 3 weeks ago
• philips-software / spdx-builder

  View on GitHub
  Generates SPDX bill-of-material files from a package input and license scan
  ☆13Apr 15, 2024Updated 2 years ago
• in-toto / in-toto

  View on GitHub
  in-toto is a framework to protect supply chain integrity.
  ☆1,002May 19, 2026Updated last week
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• buildsec / frsca

  View on GitHub
  ☆258May 19, 2026Updated last week
• spdx / tools-golang

  View on GitHub
  Collection of Go packages to work with SPDX files
  ☆166Feb 23, 2026Updated 3 months ago
• kubernetes-sigs / zeitgeist

  View on GitHub
  Zeitgeist: the language-agnostic dependency checker
  ☆204May 18, 2026Updated last week
• chainguard-dev / melange

  View on GitHub
  build APKs from source code
  ☆598May 18, 2026Updated last week
• chainguard-images / actions

  View on GitHub
  GitHub actions for the chainguard-images
  ☆21May 18, 2026Updated last week
• chainguard-dev / bomshell

  View on GitHub
  An SBOM query language and associated utilities
  ☆56Jan 22, 2024Updated 2 years ago
• sigstore / cosign-installer

  View on GitHub
  Cosign Github Action
  ☆198May 7, 2026Updated 2 weeks ago