philips-software / spdx-builderLinks
Generates SPDX bill-of-material files from a package input and license scan
☆13Updated last year
Alternatives and similar repositories for spdx-builder
Users that are interested in spdx-builder are comparing it to the libraries listed below
Sorting:
- GitHub Action to get a license overview in SPDX format☆14Updated 3 years ago
- Search Rekor for entries☆34Updated 2 months ago
- Submit SBOMs to GitHub's dependency submission API☆12Updated 2 years ago
- Github Action implementation of SLSA Provenance Generation☆48Updated this week
- A java api and command line tool for scanning, reporting and fixing a git repository's InnerSource Readiness based on a supplied specific…☆20Updated last year
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks☆31Updated 2 months ago
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Updated 4 months ago
- Sigstore's Protocol Buffer specifications☆33Updated this week
- Report on quality of SBOM contents☆18Updated 6 months ago
- SPDX Merge tool☆45Updated 2 months ago
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…☆32Updated 2 years ago
- ☆57Updated 3 years ago
- SBOM Edit - Conditional edits and merging of SBOMs☆70Updated last week
- A tool that takes two or more micro SBOMs and composes them into one distributable SBOM☆23Updated 2 years ago
- Run ORT in your GitHub action workflow to do licensing, security and best practices checks and generate reports/SBOMs☆30Updated 4 months ago
- List of SBOM Generation Tools☆26Updated 3 months ago
- Helm charts for sigstore project☆76Updated 2 weeks ago
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…☆10Updated this week
- ☆62Updated 11 months ago
- A specification for signing methods and formats used by Secure Systems Lab projects.☆79Updated 9 months ago
- SBOM Search - Context aware search in SBOM repositories☆27Updated 3 weeks ago
- A TUF repository and signing tool☆37Updated this week
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆63Updated last week
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.☆33Updated 2 years ago
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts☆35Updated last month
- Website and API for OpenSSF Scorecard☆24Updated this week
- Automating Compliance Tooling Project☆21Updated 3 years ago
- Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.☆16Updated last week
- A BOM repository server for distributing CycloneDX BOMs☆77Updated last year
- ☆42Updated 7 months ago