SPDX Merge tool
☆50Apr 22, 2025Updated 10 months ago
Alternatives and similar repositories for SPDXMerge
Users that are interested in SPDXMerge are comparing it to the libraries listed below
Sorting:
- GitHub action to produce a SBOM report from a given Black Duck project☆12Feb 5, 2026Updated 3 weeks ago
- ☆20Feb 5, 2026Updated 3 weeks ago
- Automating Compliance Tooling Project☆22Jan 28, 2022Updated 4 years ago
- License Identifier☆14Mar 25, 2021Updated 4 years ago
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆60Apr 17, 2023Updated 2 years ago
- Security advisory data for Wolfi☆20Jan 7, 2026Updated last month
- The model for the information captured in SPDX version 3 standard.☆98Updated this week
- Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts☆18Feb 6, 2026Updated 3 weeks ago
- A tool to create, transform and attest VEX metadata☆176Updated this week
- Documents and tools powering the Wolfi OS community☆24Sep 26, 2025Updated 5 months ago
- Darkfiles finds orphaned files in container images and makes them to bad deeds☆42May 11, 2023Updated 2 years ago
- apt2sbom python package generates SPDX or CycloneDX files from Ubuntu APT and Python packaging information☆25Feb 4, 2022Updated 4 years ago
- Build a CVE library with aggregated CISA, EPSS and CVSS data☆29Sep 27, 2023Updated 2 years ago
- Terraform provider to perform OCI image operations☆15Updated this week
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…☆11Jan 26, 2026Updated last month
- List your tfsec issues in the QuickFix window with this plugin.☆12May 16, 2022Updated 3 years ago
- demo of keyless signing with the sigstore kubernetes policy controller☆11Sep 7, 2022Updated 3 years ago
- Cloud Storage Kubernetes Operator with Go and Operator SDK☆12Nov 20, 2020Updated 5 years ago
- OSS License Open Data☆12Jun 28, 2019Updated 6 years ago
- Red team tool that emulates the SolarWinds CI compromise attack vector.☆24Mar 15, 2024Updated last year
- Generate a score for your sbom to understand if it will actually be useful.☆238Aug 13, 2024Updated last year
- SLSA level 3 action☆11Apr 26, 2024Updated last year
- A Kubewarden Policy that verifies all the signatures of the container images referenced by a Pod☆13Jan 20, 2026Updated last month
- Showcasing the potential of SPIFFE with real-life services☆10Jan 27, 2026Updated last month
- A High-Availability distribution of Knative.☆20Mar 20, 2024Updated last year
- An SBOM query language and associated utilities☆55Jan 22, 2024Updated 2 years ago
- OSS License Simple Viewer is a simple Excel-based tool as OSS license reference for engineers.☆14Nov 20, 2020Updated 5 years ago
- OpenVEX Specification☆168Jan 16, 2026Updated last month
- ☆29Aug 9, 2024Updated last year
- EZGHSA is a command-line tool for summarizing and filtering vulnerability alerts on Github repositories.☆35Jan 4, 2026Updated last month
- Trust Dexter to ensure that all your images are pinned by digest for better security☆31Nov 8, 2023Updated 2 years ago
- iterating over YAML!☆13Feb 9, 2026Updated 2 weeks ago
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…☆33Oct 24, 2022Updated 3 years ago
- Play with KinD and OIDC volumes☆15Oct 24, 2021Updated 4 years ago
- A fast, declarative, and extensible package manager for Kotlin.☆11Sep 9, 2025Updated 5 months ago
- This is a POC repository showing how a Kubernetes Admission Controller can be made irrelevant when verifying container image signatures☆12Dec 21, 2022Updated 3 years ago
- SBOM Move - Automate build and transfer of SBOMs across systems☆25Updated this week
- Generate SBOMs with gh CLI☆199May 30, 2025Updated 9 months ago
- sbomqs: The Comprehensive SBOM Quality & Compliance Tool☆269Updated this week