philips-software / spdx-builder

Related projects ⓘ

Alternatives and complementary repositories for spdx-builder

• philips-software / spdx-action
  GitHub Action to get a license overview in SPDX format
  ☆14Updated 2 years ago
• intuit / innersource-scanner
  A java api and command line tool for scanning, reporting and fixing a git repository's InnerSource Readiness based on a supplied specific…
  ☆20Updated last year
• CycloneDX / cyclonedx-web-tool
  A web based tool for working with CycloneDX BOMs
  ☆30Updated 3 months ago
• evryfs / sbom-dependency-submission-action
  Submit SBOMs to GitHub's dependency submission API
  ☆12Updated last year
• philips-software / blackduck-report-action
  GitHub action to produce a SBOM report from a given Black Duck project
  ☆12Updated 11 months ago
• oss-review-toolkit / ort-ci-github-action
  Run ORT in your GitHub action workflow to do licensing, security and best practices checks and generate reports/SBOMs
  ☆24Updated 5 months ago
• act-project / TAC
  Automating Compliance Tooling Project
  ☆20Updated 2 years ago
• sigstore / root-signing
  TUF repository for Sigstore trust root
  ☆88Updated this week
• vmware-samples / sbom-composer
  A tool that takes two or more micro SBOMs and composes them into one distributable SBOM
  ☆23Updated last year
• philips-software / SPDXMerge
  SPDX Merge tool
  ☆39Updated 2 months ago
• omnibor / site
  Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.
  ☆21Updated last week
• CycloneDX / cyclonedx-bom-repo-server
  A BOM repository server for distributing CycloneDX BOMs
  ☆74Updated 8 months ago
• spdx / spdx-to-osv
  Produce an Open Source Vulnerability JSON file based on information in an SPDX document
  ☆60Updated 5 months ago
• sigstore / rekor-search-ui
  Search Rekor for entries
  ☆27Updated 4 months ago
• todogroup / ospolandscape
  OSPO Landscape
  ☆33Updated last week
• ossf / scorecard-monitor
  Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts
  ☆32Updated 4 months ago
• secure-systems-lab / dsse
  A specification for signing methods and formats used by Secure Systems Lab projects.
  ☆68Updated 2 months ago
• spdx / sbom-landscape
  SPDX SBOM Landscape
  ☆15Updated last year
• repository-service-tuf / repository-service-tuf
  Umbrella Repository Service for TUF
  ☆41Updated this week
• SBOMit / specification
  ☆61Updated 4 months ago
• kusaridev / skootrs
  A CLI tool for creating secure by design/default source repos.
  ☆24Updated 3 months ago
• spdx / spdx-3-model
  The model for the information captured in SPDX version 3 standard.
  ☆71Updated this week
• opossum-tool / OpossumUI
  A light-weight app to audit and inventory large codebases for open source license compliance.
  ☆60Updated this week
• aboutcode-org / container-inspector
  container-inspector is a suite of analysis utilities and command line tools for Docker container images, their layers and how these relat…
  ☆34Updated 3 months ago
• omnibor / bomsh
  bomsh is collection of tools to explore the OmniBOR idea
  ☆21Updated 3 weeks ago
• AevaOnline / supply-chain-synthesis
  Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.
  ☆32Updated last year
• oss-review-toolkit / ort-config
  Curations and configuration files for the OSS Review Toolkit.
  ☆16Updated this week
• in-toto / friends
  Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.
  ☆12Updated this week
• ossf / security-insights-spec
  OPENSSF SECURITY INSIGHTS: Repository for development of the draft standard, where requests for modification should be made via Github Is…
  ☆50Updated 2 months ago
• kusaridev / spector
  Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks
  ☆30Updated 10 months ago