philips-software / license-scanner
Service to scan licenses from source code
☆12Updated last year
Alternatives and similar repositories for license-scanner:
Users that are interested in license-scanner are comparing it to the libraries listed below
- Low-effort reachability analysis for third-party code vulnerabilities.☆20Updated last year
- OSS License Open Data☆12Updated 5 years ago
- A CVRF CSAF Converter, taking care about OASIS specification.☆10Updated 2 months ago
- apt2sbom python package generates SPDX or CycloneDX files from Ubuntu APT and Python packaging information☆22Updated 3 years ago
- A library for parsing security advisories☆13Updated 6 months ago
- Report missing advisories and corrections on OSS Index☆17Updated 2 years ago
- A place to systematically store software bill of materials (SBOM) documents.☆44Updated last year
- A collection of scripts for license compliance scanning, mostly experimental☆22Updated last month
- The Keep It Simple Software Bill of Material☆11Updated 3 years ago
- SBOM Assembler - A tool to edit SBOM or assemble multiple sboms into a single sbom.☆63Updated this week
- Automating Compliance Tooling Project☆20Updated 3 years ago
- ☆13Updated 5 months ago
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Updated last month
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form.☆21Updated last year
- Generate VEX (Vulnerability Exploitability Exchange) CycloneDX documents☆20Updated last month
- Report on quality of SBOM contents☆17Updated 2 months ago
- Find & pull public SBOMs☆16Updated 6 months ago
- Automate open source license compliance and ensure software supply chain integrity☆29Updated this week
- A Yocto meta-layer for generating CycloneDX SBOMs and automatically uploading them to Dependency Track.☆19Updated 9 months ago
- The model for the information captured in SPDX version 3 standard.☆77Updated this week
- Utility that converts SBOM documents from CycloneDX to SPDX☆28Updated last year
- container-inspector is a suite of analysis utilities and command line tools for Docker container images, their layers and how these relat…☆36Updated 7 months ago
- CVE database☆22Updated 4 years ago
- A light-weight app to audit and inventory large codebases for open source license compliance.☆61Updated this week
- Labeled vulnerability-package match pairs used as ground truth to evaluate vulnerability scanners☆11Updated last week
- Given a buildinfo file from a Debian package, generate instructions for attempting to reproduce the binary packages built from the associ…☆17Updated 2 years ago
- VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordin…☆63Updated last month
- This repo realizes the idea that OSS compliance activities will be less expensive by applying OSS principles☆84Updated this week
- Utility that provides an API and CLI to identify licenses and legal terms☆43Updated 9 months ago