swinslow / npm-spdxLinks
Golang tool to pull and summarize NPM license info
☆13Updated 2 years ago
Alternatives and similar repositories for npm-spdx
Users that are interested in npm-spdx are comparing it to the libraries listed below
Sorting:
- Compare vulnerability scanners results (to make them better!)☆16Updated last month
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Updated 4 months ago
- The Auditree data gathering and reporting tool.☆15Updated 9 months ago
- An SBOM query language and associated utilities☆54Updated last year
- ☆29Updated this week
- Github Action implementation of SLSA Provenance Generation☆48Updated 2 weeks ago
- TACOS framework structural details☆20Updated 3 weeks ago
- Darkbit Cloud Security Tools☆25Updated 4 years ago
- A specification for signing methods and formats used by Secure Systems Lab projects.☆78Updated 8 months ago
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form.☆21Updated 2 years ago
- Tool providing easy IAM setup on EKS for Amazon Managed Service for Prometheus (AMP) users.☆11Updated last year
- ☆16Updated 3 months ago
- Proof-of-concept SLSA provenance generator for GitHub Actions☆99Updated 2 years ago
- Sigstore's Protocol Buffer specifications☆32Updated this week
- Darkfiles finds orphaned files in container images and makes them to bad deeds☆42Updated 2 years ago
- NIST OSCAL SDK and CLI☆38Updated 5 years ago
- Go beyond package manager discovery for SBOM☆18Updated 3 years ago
- Grype vulnerability check plugin for Visual Studio Code☆22Updated 5 months ago
- ☆14Updated last year
- Slack alert bot for matching Github Audit Events☆10Updated 6 months ago
- Support a continuous integration (CI) generation of SPDX files by creating a plugins or extensions to build tools. These plugins or exten…☆13Updated 3 years ago
- This tool allows using a SPIFFE JWT to authenticate to AWS APIs☆34Updated last year
- Terraform module to configure Vault for GitHub OIDC authentication from Action runners.☆29Updated 9 months ago
- Decision trees generated via Graphviz to inform pragmatic threat modelling.☆11Updated 4 years ago
- SBOM Search - Context aware search in SBOM repositories☆26Updated 2 weeks ago
- vexctl is a tool to attest VEX impact statements☆44Updated 2 years ago
- AWS container security survey 2020☆11Updated 4 years ago
- ☆42Updated 7 months ago
- The Auditree tool for adding external evidence.☆11Updated 8 months ago
- ☆62Updated 10 months ago