Alternatives and similar repositories for xeol

Users that are interested in xeol are comparing it to the libraries listed below

• eBay / sbom-scorecard

  View on GitHub
  Generate a score for your sbom to understand if it will actually be useful.
  ☆237Aug 13, 2024Updated last year
• chainguard-dev / bomshell

  View on GitHub
  An SBOM query language and associated utilities
  ☆55Jan 22, 2024Updated 2 years ago
• project-copacetic / copacetic

  View on GitHub
  🧵 CLI tool for directly patching container images!
  ☆1,528Feb 7, 2026Updated last week
• guacsec / guac

  View on GitHub
  GUAC aggregates software security metadata into a high fidelity graph database.
  ☆1,446Updated this week
• Legit-Labs / legitify

  View on GitHub
  Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
  ☆829Mar 28, 2025Updated 10 months ago
• snyk / parlay

  View on GitHub
  Enrich SBOMs with data from third party services
  ☆214Feb 6, 2026Updated last week
• philips-software / SPDXMerge

  View on GitHub
  SPDX Merge tool
  ☆50Apr 22, 2025Updated 9 months ago
• cedana / cedana-cli

  View on GitHub
  CLI to the Cedana Service
  ☆57May 5, 2025Updated 9 months ago
• cloudandthings / terraform-aws-clickops-notifier

  View on GitHub
  Get notified when actions are taken in the AWS Console.
  ☆330Jan 20, 2025Updated last year
• mostafahussein / conceal

  View on GitHub
  A command line utility that provides a secure method to get your secrets from your existing password manager.
  ☆62Dec 18, 2022Updated 3 years ago
• sigstore / gitsign

  View on GitHub
  Keyless Git signing using Sigstore
  ☆1,057Updated this week
• notaryproject / ratify

  View on GitHub
  Artifact Ratification Framework (CNCF Sandbox)
  ☆283Feb 2, 2026Updated last week
• IBM / sbom-utility

  View on GitHub
  This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility
  ☆60Apr 17, 2023Updated 2 years ago
• anchore / grant

  View on GitHub
  A license scanner for container images and filesystems.
  ☆137Feb 7, 2026Updated last week
• openvex / vexctl

  View on GitHub
  A tool to create, transform and attest VEX metadata
  ☆172Feb 3, 2026Updated last week
• mchmarny / s3cme

  View on GitHub
  Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene…
  ☆103Apr 23, 2024Updated last year
• ChaosInTheCRD / Dexter

  View on GitHub
  Trust Dexter to ensure that all your images are pinned by digest for better security
  ☆31Nov 8, 2023Updated 2 years ago
• interlynk-io / sbommv

  View on GitHub
  SBOM Move - Automate build and transfer of SBOMs across systems
  ☆25Updated this week
• noqdev / iambic

  View on GitHub
  IAMbic is Version-Control for IAM. It centralizes and simplifies cloud access and permissions. It maintains an eventually consistent, hum…
  ☆297Nov 27, 2024Updated last year
• plexsystems / sinker

  View on GitHub
  A tool to sync images from one container registry to another
  ☆627Jun 13, 2024Updated last year
• anchore / grype

  View on GitHub
  A vulnerability scanner for container images and filesystems
  ☆11,516Updated this week
• anchore / syft

  View on GitHub
  CLI tool and library for generating a Software Bill of Materials from container images and filesystems
  ☆8,362Updated this week
• in-toto / witness

  View on GitHub
  Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…
  ☆514Updated this week
• mindersec / minder

  View on GitHub
  Software Supply Chain Security Platform
  ☆373Updated this week
• chainguard-dev / apko

  View on GitHub
  Build OCI images from APK packages directly without Dockerfile
  ☆1,544Updated this week
• oracle / macaron

  View on GitHub
  Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD …
  ☆186Updated this week
• sethvargo / ratchet

  View on GitHub
  A tool for securing CI/CD workflows with version pinning.
  ☆884Jun 27, 2025Updated 7 months ago
• sigstore / cosign

  View on GitHub
  Code signing and transparency for containers and binaries
  ☆5,633Feb 4, 2026Updated last week
• interlynk-io / sbomqs

  View on GitHub
  sbomqs: The Comprehensive SBOM Quality & Compliance Tool
  ☆267Feb 5, 2026Updated last week
• reproducible-containers / diffoci

  View on GitHub
  diff for Docker and OCI container images
  ☆552Updated this week
• jetstack / paranoia

  View on GitHub
  Inspect certificate authorities in container images
  ☆240Dec 4, 2025Updated 2 months ago
• prodzilla / prodzilla

  View on GitHub
  🦖 Testing in Production - Synthetic Monitoring on Rust
  ☆212Jan 25, 2026Updated 2 weeks ago
• sigstore / rekor

  View on GitHub
  Software Supply Chain Transparency Log
  ☆1,073Feb 3, 2026Updated last week
• scribe-public / gitgat

  View on GitHub
  Evaluate source control (GitHub) security posture
  ☆251Mar 8, 2023Updated 2 years ago
• sigstore / helm-sigstore

  View on GitHub
  Plugin for Helm to integrate the sigstore ecosystem
  ☆67Jan 28, 2026Updated 2 weeks ago
• openclarity / openclarity

  View on GitHub
  OpenClarity is an open source platform built to enhance security and observability of cloud native applications and infrastructure
  ☆1,449Updated this week
• devops-kung-fu / bomber

  View on GitHub
  Scans Software Bill of Materials (SBOMs) for security vulnerabilities
  ☆597Mar 31, 2025Updated 10 months ago
• DataDog / KubeHound

  View on GitHub
  Tool for building Kubernetes attack paths
  ☆940Jan 16, 2026Updated 3 weeks ago
• ossf / scorecard

  View on GitHub
  OpenSSF Scorecard - Security health metrics for Open Source
  ☆5,262Feb 6, 2026Updated last week