Produce an Open Source Vulnerability JSON file based on information in an SPDX document
☆65May 27, 2024Updated last year
Alternatives and similar repositories for spdx-to-osv
Users that are interested in spdx-to-osv are comparing it to the libraries listed below
Sorting:
- Utility that converts SBOM documents from CycloneDX to SPDX☆33Jan 19, 2024Updated 2 years ago
- Tool to scan a container image's rootfs☆12Nov 6, 2023Updated 2 years ago
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities☆605Feb 10, 2026Updated 3 weeks ago
- Repository of SBOMs generated by the syft SBOM generator tool, against a list of popular dockerhub container images.☆19Updated this week
- A place to systematically store software bill of materials (SBOM) documents.☆50Jun 1, 2023Updated 2 years ago
- This tool compares two Software Bill of Materials (SBOMs) and reports the differences.☆42Mar 2, 2026Updated last week
- SPDX Merge tool☆50Mar 2, 2026Updated last week
- ☆102Sep 27, 2024Updated last year
- Automating Compliance Tooling Project☆22Jan 28, 2022Updated 4 years ago
- Source for the website providing online SPDX tools☆72Dec 28, 2025Updated 2 months ago
- Examples of SPDX files for software combinations☆143Nov 15, 2025Updated 3 months ago
- Access AKS clusters using Azure Workload Identity Federation☆10Feb 10, 2024Updated 2 years ago
- A template repository for building external data providers for Gatekeeper.☆12Aug 14, 2023Updated 2 years ago
- This is a mapping of CPEs to package urls created by using VulnerableCode's data☆10Aug 14, 2020Updated 5 years ago
- Keyless Git signing with cosign!☆11May 12, 2022Updated 3 years ago
- POSIX sh formatter and client for tldr pages☆12Dec 27, 2022Updated 3 years ago
- Support CI generation of SBOMs via golang tooling.☆424Jan 13, 2025Updated last year
- vexctl is a tool to attest VEX impact statements☆45Mar 27, 2023Updated 2 years ago
- Basic Streamlit Application for testing, and displaying Multi-GPU LLM timings☆10Mar 30, 2024Updated last year
- ☆16Updated this week
- TUI for managing beads☆33Jan 8, 2026Updated 2 months ago
- Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent☆12Aug 13, 2022Updated 3 years ago
- Utility that provides an API and CLI to identify licenses and legal terms☆52Jul 11, 2025Updated 7 months ago
- A tool to create, transform and attest VEX metadata☆176Mar 2, 2026Updated last week
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆218Oct 21, 2025Updated 4 months ago
- Demos and resources of the Istio + Gatekeeper talks at IstioCon 2022 and GitOpsCon 2022☆14Sep 4, 2023Updated 2 years ago
- Utility for performing bulk download operations in https://github.com/CVEProject/cvelistV5☆23Mar 20, 2025Updated 11 months ago
- ⚡ Guidance, samples, and tools for HPC workloads on AKS clusters with RDMA and InfiniBand support, including GPUDirect RDMA.☆21Updated this week
- Tool for collecting vulnerability data from various sources (used to build the grype database)☆114Updated this week
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆60Apr 17, 2023Updated 2 years ago
- ☆21Oct 2, 2025Updated 5 months ago
- Container Image Signing & Verifying on Ethereum [Testnet]☆17Mar 15, 2022Updated 3 years ago
- A specification including, problem statement, use cases, requirements, and architectural constituents for a Transparency Service in suppo…☆14Feb 17, 2023Updated 3 years ago
- GitHub Action to get a license overview in SPDX format☆14Dec 24, 2021Updated 4 years ago
- Library to ingest and generate VEX documents☆19Feb 19, 2026Updated 2 weeks ago
- Helm Chart for deploying GUAC☆18Feb 23, 2026Updated 2 weeks ago
- Orthos is a machine administration tool.☆19Aug 19, 2025Updated 6 months ago
- OSCAL SSP content for technologies shipped by Red Hat☆16Mar 2, 2023Updated 3 years ago
- simple validation controller for kubernetes☆11Feb 1, 2024Updated 2 years ago