spdx / spdx-to-osvView external linksLinks
Produce an Open Source Vulnerability JSON file based on information in an SPDX document
☆65May 27, 2024Updated last year
Alternatives and similar repositories for spdx-to-osv
Users that are interested in spdx-to-osv are comparing it to the libraries listed below
Sorting:
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities☆598Updated this week
- Repository of SBOMs generated by the syft SBOM generator tool, against a list of popular dockerhub container images.☆19Oct 9, 2024Updated last year
- A place to systematically store software bill of materials (SBOM) documents.☆50Jun 1, 2023Updated 2 years ago
- This tool compares two Software Bill of Materials (SBOMs) and reports the differences.☆41Oct 29, 2024Updated last year
- SPDX Merge tool☆50Apr 22, 2025Updated 9 months ago
- ☆102Sep 27, 2024Updated last year
- Automating Compliance Tooling Project☆22Jan 28, 2022Updated 4 years ago
- Source for the website providing online SPDX tools☆71Dec 28, 2025Updated last month
- Examples of SPDX files for software combinations☆142Nov 15, 2025Updated 3 months ago
- A template repository for building external data providers for Gatekeeper.☆12Aug 14, 2023Updated 2 years ago
- POSIX sh formatter and client for tldr pages☆12Dec 27, 2022Updated 3 years ago
- Keyless Git signing with cosign!☆11May 12, 2022Updated 3 years ago
- Access AKS clusters using Azure Workload Identity Federation☆10Feb 10, 2024Updated 2 years ago
- Support CI generation of SBOMs via golang tooling.☆423Jan 13, 2025Updated last year
- vexctl is a tool to attest VEX impact statements☆45Mar 27, 2023Updated 2 years ago
- Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent☆12Aug 13, 2022Updated 3 years ago
- Basic Streamlit Application for testing, and displaying Multi-GPU LLM timings☆10Mar 30, 2024Updated last year
- A tool to create, transform and attest VEX metadata☆173Updated this week
- Utility that provides an API and CLI to identify licenses and legal terms☆51Jul 11, 2025Updated 7 months ago
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆217Oct 21, 2025Updated 3 months ago
- ⚡ Guidance, samples, and tools for HPC workloads on AKS clusters with RDMA and InfiniBand support, including GPUDirect RDMA.☆20Feb 7, 2026Updated last week
- Demos and resources of the Istio + Gatekeeper talks at IstioCon 2022 and GitOpsCon 2022☆14Sep 4, 2023Updated 2 years ago
- Tool for collecting vulnerability data from various sources (used to build the grype database)☆110Feb 10, 2026Updated last week
- ☆20Oct 2, 2025Updated 4 months ago
- GitHub Action to get a license overview in SPDX format☆14Dec 24, 2021Updated 4 years ago
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆60Apr 17, 2023Updated 2 years ago
- A specification including, problem statement, use cases, requirements, and architectural constituents for a Transparency Service in suppo…☆14Feb 17, 2023Updated 3 years ago
- OSCAL SSP content for technologies shipped by Red Hat☆16Mar 2, 2023Updated 2 years ago
- Helm Chart for deploying GUAC☆18Feb 9, 2026Updated last week
- simple validation controller for kubernetes☆11Feb 1, 2024Updated 2 years ago
- Library to ingest and generate VEX documents☆18Oct 2, 2025Updated 4 months ago
- PURL to CPE Relationship mapping project.☆111Updated this week
- Open Source Vulnerability schema.☆232Feb 9, 2026Updated last week
- PhpDoc2Cheatsheet☆19Sep 25, 2019Updated 6 years ago
- conftest plugin that transforms k8s input object to be compatible with gatekeeper policies☆14Jan 26, 2024Updated 2 years ago
- Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts☆18Feb 6, 2026Updated last week
- OpenVEX Specification☆167Jan 16, 2026Updated last month
- Generate SBOMs with gh CLI☆199May 30, 2025Updated 8 months ago
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.☆456Feb 10, 2026Updated last week