swinslow / npm-spdx
Golang tool to pull and summarize NPM license info
☆13 Updated 2 years ago
Alternatives and similar repositories for npm-spdx
Users that are interested in npm-spdx are comparing it to the libraries listed below
- ☆29 Updated last week
- TACOS framework structural details ☆20 Updated last month
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts. ☆21 Updated 5 months ago
- Support a continuous integration (CI) generation of SPDX files by creating a plugins or extensions to build tools. These plugins or exten… ☆13 Updated 3 years ago
- The Auditree data gathering and reporting tool. ☆15 Updated 10 months ago
- Compare vulnerability scanners results (to make them better!) ☆16 Updated this week
- The Great Multi-Factor Authentication (MFA) Distribution Project of the Open Source Security Foundation (OpenSSF). We work to distribute … ☆54 Updated 3 years ago
- A generic skeleton project for quickly getting a new cisagov project started. ☆18 Updated 3 weeks ago
- Proof-of-concept SLSA provenance generator for GitHub Actions ☆100 Updated 2 years ago
- Github Action implementation of SLSA Provenance Generation ☆48 Updated this week
- Darkbit Cloud Security Tools ☆25 Updated 4 years ago
- A documentation and tracking project with the goal of making package management systems more secure. ☆50 Updated 4 years ago
- Prevent leaks with gitleaks, and use tests to validate ☆32 Updated 3 weeks ago
- An SBOM query language and associated utilities ☆54 Updated last year
- Sigstore's Protocol Buffer specifications ☆33 Updated this week
- A tool that takes two or more micro SBOMs and composes them into one distributable SBOM ☆23 Updated 2 years ago
- Report missing advisories and corrections on OSS Index ☆17 Updated 2 years ago
- in-toto is a framework to secure the software supply chain. ☆70 Updated 5 months ago
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form. ☆21 Updated 2 years ago
- OASIS OpenEoX TC: The purpose of this repository is to support version control for Work Product artifacts developed by members of the OAS… ☆34 Updated this week
- A simple website introducing the CNAB project. ☆16 Updated last year
- Make your Markdown sparkle! ☆20 Updated 3 years ago
- ☆62 Updated 11 months ago
- Source for official CVE Program policy documents. ☆16 Updated last month
- Utility that provides an API and CLI to identify licenses and legal terms ☆50 Updated 3 weeks ago
- The Auditree common fetchers, checks and harvest reports library. ☆19 Updated last year
- Collect, curate, and communicate relevant security metrics for open source projects. ☆63 Updated last year
- A specification for signing methods and formats used by Secure Systems Lab projects. ☆79 Updated 9 months ago
- Darkfiles finds orphaned files in container images and makes them to bad deeds ☆42 Updated 2 years ago
- K8S Operator for Rekor