Utility that converts SBOM documents from CycloneDX to SPDX
☆33Jan 19, 2024Updated 2 years ago
Alternatives and similar repositories for cdx2spdx
Users that are interested in cdx2spdx are comparing it to the libraries listed below
Sorting:
- ☆15Feb 24, 2026Updated last week
- SBOM Explorer - Discover and pull public SBOMs☆20May 23, 2025Updated 9 months ago
- .NET library to consume and produce CycloneDX Software Bill of Materials (SBOM)☆26Feb 10, 2026Updated 3 weeks ago
- A place to systematically store software bill of materials (SBOM) documents.☆50Jun 1, 2023Updated 2 years ago
- Validate the SPDX SBOM against NTIA, CISA, and other minimum element requirements.☆81Feb 25, 2026Updated last week
- PURL to CPE Relationship mapping project.☆111Feb 25, 2026Updated last week
- SPDX Command Line Tools using the Spdx-Java-Library☆88Feb 18, 2026Updated 2 weeks ago
- This tool compares two Software Bill of Materials (SBOMs) and reports the differences.☆42Updated this week
- A CVRF CSAF Converter, taking care about OASIS specification.☆10Jun 4, 2025Updated 9 months ago
- Produce an Open Source Vulnerability JSON file based on information in an SPDX document☆65May 27, 2024Updated last year
- The model for the information captured in SPDX version 3 standard.☆98Updated this week
- Source for the website providing online SPDX tools☆71Dec 28, 2025Updated 2 months ago
- A Python library to parse, validate and create SPDX documents.☆239Jan 16, 2026Updated last month
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆110Updated this week
- apt2sbom python package generates SPDX or CycloneDX files from Ubuntu APT and Python packaging information☆25Feb 4, 2022Updated 4 years ago
- Examples of SPDX files for software combinations☆143Nov 15, 2025Updated 3 months ago
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…☆11Jan 26, 2026Updated last month
- Lockheed Martin developed utility to combine multiple CycloneDX SBOMs☆13Jan 16, 2023Updated 3 years ago
- go-ima is a tool that checks if a file has been tampered with. It is useful in ensuring integrity in CI systems☆13Sep 28, 2023Updated 2 years ago
- ☆11Nov 11, 2022Updated 3 years ago
- The Keep It Simple Software Bill of Material☆11Jan 31, 2022Updated 4 years ago
- AES-GEM (AES Galois Extended Mode) implementation.☆13Feb 9, 2026Updated 3 weeks ago
- ☆122Apr 15, 2025Updated 10 months ago
- This repository stores meetings minutes for the SPDX project☆39Updated this week
- This is the OpenChain Telco Work Group☆19Dec 3, 2025Updated 3 months ago
- ☆102Sep 27, 2024Updated last year
- Helm Chart for deploying GUAC☆18Feb 23, 2026Updated last week
- buildx bake demo @ Docker Community All-Hands #2☆14Jun 22, 2022Updated 3 years ago
- REUSE recommendations, tutorials, FAQ and specification☆18May 27, 2024Updated last year
- Vulnerability Management with SBOM☆20Updated this week
- Secvisogram is a web tool for creating and editing security advisories in the CSAF 2.0 format☆41Feb 25, 2026Updated last week
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆218Oct 21, 2025Updated 4 months ago
- OpenVEX Specification☆168Jan 16, 2026Updated last month
- sbomqs: The Comprehensive SBOM Quality & Compliance Tool☆269Updated this week
- SPDX Merge tool☆50Apr 22, 2025Updated 10 months ago
- Utility that provides an API platform for validating, querying and managing BOM data☆127Jan 2, 2026Updated 2 months ago
- Open source package corrections, policy rules and other configuration files for the OSS Review Toolkit.☆21Updated this week
- Submit SBOMs to GitHub's dependency submission API☆18Dec 4, 2025Updated 3 months ago
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.☆461Feb 10, 2026Updated 3 weeks ago