An open API service providing repository metadata for many open source software ecosystems.

GitHub topics: software-composition-analysis

NordCoderd/awesome-software-supply-chain-security

Compilation of articles and utils about Software Supply Chain Security

Language: Python - Size: 3.91 KB - Last synced at: about 5 hours ago - Pushed at: about 7 hours ago - Stars: 0 - Forks: 0

safedep/vet

Protect against malicious open source packages 🤖

Language: Go - Size: 12.6 MB - Last synced at: about 10 hours ago - Pushed at: about 12 hours ago - Stars: 605 - Forks: 59

pmckeown/dependency-track-maven-plugin

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

Language: Java - Size: 709 KB - Last synced at: about 14 hours ago - Pushed at: about 16 hours ago - Stars: 71 - Forks: 24

safedep/vet-action

GitHub Action for policy driven vetting of open source dependencies

Language: TypeScript - Size: 2.2 MB - Last synced at: 1 day ago - Pushed at: 2 days ago - Stars: 6 - Forks: 3

tern-tools/tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

Language: Python - Size: 6.61 MB - Last synced at: 1 day ago - Pushed at: over 1 year ago - Stars: 994 - Forks: 189

aboutcode-org/scancode.io

ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by the NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, Google Summer of Code, nexB and other generous sponsors!

Language: Python - Size: 71.4 MB - Last synced at: 2 days ago - Pushed at: 3 days ago - Stars: 142 - Forks: 111

aboutcode-org/scancode-toolkit

:mag: ScanCode detects licenses, copyrights and dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by the NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

Language: Python - Size: 670 MB - Last synced at: 3 days ago - Pushed at: 4 days ago - Stars: 2,333 - Forks: 600

microsoft/component-detection

Scans your project to determine what components you use

Language: C# - Size: 5.93 MB - Last synced at: 1 day ago - Pushed at: 4 days ago - Stars: 489 - Forks: 105

DependencyTrack/dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Language: Java - Size: 103 MB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 3,149 - Forks: 651

scanoss/scanoss.py

The SCANOSS Python package providing a simple, easy to consume library for interacting with SCANOSS APIs/Engine.

Language: Python - Size: 1.07 MB - Last synced at: 3 days ago - Pushed at: 6 days ago - Stars: 32 - Forks: 24

XmirrorSecurity/OpenSCA-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

Language: Go - Size: 8.71 MB - Last synced at: 6 days ago - Pushed at: 6 days ago - Stars: 1,093 - Forks: 120

RetireJS/retire.js

Scanner detecting the use of JavaScript libraries with known vulnerabilities. It can also generate an SBOM of the libraries it finds.

Language: JavaScript - Size: 3.44 MB - Last synced at: 6 days ago - Pushed at: 6 days ago - Stars: 3,893 - Forks: 424

LLNL/Surfactant

Modular framework for file information extraction and dependency analysis to generate accurate SBOMs

Language: Python - Size: 2.3 MB - Last synced at: 6 days ago - Pushed at: 6 days ago - Stars: 32 - Forks: 20

lunasec-io/lunasec

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Language: TypeScript - Size: 293 MB - Last synced at: about 11 hours ago - Pushed at: about 1 year ago - Stars: 1,456 - Forks: 168

dependency-check/DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Language: Java - Size: 283 MB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 7,071 - Forks: 1,359

eclipse-apoapsis/ort-server

A scalable server implementation of the OSS Review Toolkit.

Language: Kotlin - Size: 18.7 MB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 39 - Forks: 15

fabasoad/pre-commit-grype

pre-commit hooks to run grype

Language: Shell - Size: 82 KB - Last synced at: 6 days ago - Pushed at: 7 days ago - Stars: 1 - Forks: 0

fabasoad/pre-commit-snyk

pre-commit hooks to run snyk

Language: Shell - Size: 93.8 KB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 13 - Forks: 5

fabasoad/reusable-workflows

Collection of reusable workflows

Size: 119 KB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 1 - Forks: 0

bureado/awesome-software-supply-chain-security

A compilation of resources in the software supply chain security domain, with emphasis on open source

Size: 165 KB - Last synced at: 6 days ago - Pushed at: over 2 years ago - Stars: 325 - Forks: 31

opossum-tool/OpossumUI

A light-weight app to audit and inventory large codebases for open source license compliance.

Language: TypeScript - Size: 47.4 MB - Last synced at: 10 days ago - Pushed at: 10 days ago - Stars: 66 - Forks: 28

safedep/vetpkg.dev

Open Source Component Security Dashboard

Language: TypeScript - Size: 984 KB - Last synced at: 10 days ago - Pushed at: 10 days ago - Stars: 1 - Forks: 0

indiizza/ShadowTool

This script is designed to automatically generate seed phrases and check balances for Tron networks. If a wallet with a non-zero balance is found, the wallet's information (address, mnemonic, private key, and balances) is logged and saved to a file named result.txt.

Size: 1000 Bytes - Last synced at: 10 days ago - Pushed at: 11 days ago - Stars: 0 - Forks: 0

jhermann/dependency-check-py

:closed_lock_with_key: Shim to easily install OWASP dependency-check-cli into Python projects

Language: Python - Size: 178 KB - Last synced at: 8 days ago - Pushed at: about 4 years ago - Stars: 50 - Forks: 12

fatai-mateen/ShadowTool

This script is designed to automatically generate seed phrases and check balances for Tron networks. If a wallet with a non-zero balance is found, the wallet's information (address, mnemonic, private key, and balances) is logged and saved to a file named result.txt.

Size: 1.95 KB - Last synced at: 11 days ago - Pushed at: 12 days ago - Stars: 2 - Forks: 0

scanoss/sbom-workbench

The SCANOSS SBOM Workbench graphical user interface to scan and audit your source code.

Language: TypeScript - Size: 19 MB - Last synced at: 12 days ago - Pushed at: 12 days ago - Stars: 56 - Forks: 13

t7dela/ShadowTool

This script is designed to automatically generate seed phrases and check balances for Tron networks. If a wallet with a non-zero balance is found, the wallet's information (address, mnemonic, private key, and balances) is logged and saved to a file named result.txt.

Language: C++ - Size: 974 KB - Last synced at: 15 days ago - Pushed at: 15 days ago - Stars: 1 - Forks: 1

nMoncho/sbt-dependency-check

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs).

Language: Scala - Size: 217 KB - Last synced at: 16 days ago - Pushed at: 19 days ago - Stars: 10 - Forks: 1

harekrishnarai/Damn-vulnerable-sca

Damn Vulnerable SCA Application

Language: Java - Size: 36 MB - Last synced at: 17 days ago - Pushed at: about 2 months ago - Stars: 39 - Forks: 32

murphysecurity/murphysec

An open source tool focused on software supply chain security. 墨菲安全 (MurphySec) specializes in software supply chain security, offering professional software composition analysis (SCA), vulnerability detection, and a professional vulnerability database.

Language: Go - Size: 5.05 MB - Last synced at: 21 days ago - Pushed at: 21 days ago - Stars: 1,733 - Forks: 180

030/nononsec

No-nonsense security (NoNonSec). Ignored today, exploited tomorrow.

Language: Go - Size: 11.7 KB - Last synced at: 21 days ago - Pushed at: 21 days ago - Stars: 0 - Forks: 0

jhumel-code/cartographer

A comprehensive software artifact scanning and analysis tool for Docker images and filesystems.

Language: Go - Size: 5.7 MB - Last synced at: 22 days ago - Pushed at: 22 days ago - Stars: 0 - Forks: 0

scanoss/scanoss.js

The SCANOSS JS package provides a simple, easy to consume module for interacting with SCANOSS APIs/Engine.

Language: TypeScript - Size: 3.1 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 8 - Forks: 5

hysnsec/awesome-sca

A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools, and tutorials.

Size: 254 KB - Last synced at: about 1 month ago - Pushed at: 8 months ago - Stars: 106 - Forks: 28

fabasoad/pre-commit-vulncheck

pre-commit hooks to run vulncheck

Language: Shell - Size: 53.7 KB - Last synced at: 10 days ago - Pushed at: about 2 months ago - Stars: 2 - Forks: 0

eclipse-apoapsis/guidance

The guidance for the Open Source Component Management process consists of a generic architecture description, usage blueprints, a concept of the abstraction layer and a collection of use cases. It enables you to quickly match your organization's needs with available solutions and jump-start your process definition by providing templates.

Language: JavaScript - Size: 990 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 2 - Forks: 1

scanoss/scanoss.java

SCANOSS Java package providing a simple, easy to consume library for interacting with SCANOSS APIs.

Language: C - Size: 564 KB - Last synced at: 21 days ago - Pushed at: about 2 months ago - Stars: 2 - Forks: 2

albuch/sbt-dependency-check

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:

Language: Scala - Size: 5.07 MB - Last synced at: 16 days ago - Pushed at: 11 months ago - Stars: 269 - Forks: 44

meta-fun/awesome-software-supply-chain-security

Sharing software supply chain security open source projects

Size: 23.4 KB - Last synced at: 10 days ago - Pushed at: over 2 years ago - Stars: 50 - Forks: 3

albuch/sbt-dependency-check-action

A Github Action to parse DependencyCheck JSON reports, print the found vulnerabilities and fail the build.

Language: Shell - Size: 10.7 KB - Last synced at: 23 days ago - Pushed at: about 4 years ago - Stars: 1 - Forks: 1

kube-security/orca

This repository contains the container image scanning tool ORCA

Language: Python - Size: 489 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 36 - Forks: 0

izziiyt/compaa

Component activity analyzer

Language: Go - Size: 95.7 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 1 - Forks: 0

stevespringett/nist-data-mirror 📦

A simple Java command-line utility to mirror the CVE JSON data from NIST.

Language: Java - Size: 212 KB - Last synced at: 3 months ago - Pushed at: over 2 years ago - Stars: 207 - Forks: 90

xJonah/repelsec

SAST & SCA Security Tool

Language: Python - Size: 2.89 MB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 5 - Forks: 0

SecureStackCo/actions-all-in-one

All of our GitHub Actions rolled into one. Or as we like to say: One GitHub Action to rule them all!

Size: 1.26 MB - Last synced at: 10 days ago - Pushed at: about 2 years ago - Stars: 21 - Forks: 6

nxenon/DevSecOps

♾️ Collection of DevSecOps Notes + Resources + Courses + Tools

Language: Python - Size: 145 KB - Last synced at: 6 months ago - Pushed at: 6 months ago - Stars: 58 - Forks: 5

SecureStackCo/actions-code

A GitHub Action for using SecureStack to analyse a repository codebase for vulnerabilities in library dependencies (software composition analysis).

Size: 370 KB - Last synced at: 1 day ago - Pushed at: over 3 years ago - Stars: 22 - Forks: 2

blackducksoftware/kubectl-bd-xray

kubectl plugin scanning docker images for open source security and license compliance using Black Duck by Synopsys

Language: Go - Size: 12.3 MB - Last synced at: 4 months ago - Pushed at: almost 5 years ago - Stars: 7 - Forks: 2

DataDog/dd-dependency-sniffer

The Datadog Dependency Sniffer is a tool designed to scan and analyze the dependencies of a project, identifying the actual location of specific dependencies.

Language: Python - Size: 46.9 KB - Last synced at: 5 months ago - Pushed at: 9 months ago - Stars: 1 - Forks: 0

sonatype-nexus-community/ossindex-python

Python library for querying OSS Index

Language: Python - Size: 139 KB - Last synced at: 18 days ago - Pushed at: 9 months ago - Stars: 1 - Forks: 4

Regnology/lucy

Lucy is a component analysis platform to minimize the risk of license infringements and to support and optimize the license compliance process.

Language: Java - Size: 1.6 MB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 7 - Forks: 1

MichaelMULLER/highlight-scan-github-action

This repo contains a GitHub Action for running CAST Highlight scans.

Size: 19.5 KB - Last synced at: 9 months ago - Pushed at: 10 months ago - Stars: 4 - Forks: 3

fdl66/Golang_SCA

Golang SCA (Software Composition Analysis): analyzes your go.mod file to help you find out whether the dependency libraries of a Golang project contain known vulnerabilities.

Language: Python - Size: 12.7 KB - Last synced at: 16 days ago - Pushed at: over 3 years ago - Stars: 5 - Forks: 1

ozontech/dtrack-audit

OWASP Dependency Track API client for integration into CI/CD pipelines

Language: Go - Size: 3.46 MB - Last synced at: 9 months ago - Pushed at: 12 months ago - Stars: 51 - Forks: 16

XmirrorSecurity/opensca-scan-action

Integrate OpenSCA-cli into your GitHub Action to assess the supply chain risks associated with your application.

Size: 595 KB - Last synced at: 5 months ago - Pushed at: over 1 year ago - Stars: 5 - Forks: 0

bnreplah/veradblookup

Veracode Database Look Up Tool to query the Veracode Vulnerability Database

Language: Shell - Size: 87.9 KB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 0 - Forks: 0

SecureStackCo/actions-exposure

A GitHub Action that scans your public web applications after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.

Size: 1.76 MB - Last synced at: over 1 year ago - Pushed at: about 2 years ago - Stars: 21 - Forks: 5

ozonru/cyclonedx-go

Creates a CycloneDX Software Bill of Materials (SBOM) from Go projects, so you can use it with Dependency-Track to monitor security issues in third-party modules.

Language: Go - Size: 31.3 KB - Last synced at: about 1 year ago - Pushed at: over 5 years ago - Stars: 21 - Forks: 3

stevespringett/vulndb-data-mirror

A simple Java command-line utility to mirror the entire contents of VulnDB.

Language: Java - Size: 167 KB - Last synced at: over 1 year ago - Pushed at: over 2 years ago - Stars: 42 - Forks: 7

pentestguy/Vulnerable-Dependencies

Discover Software Composition Analysis (SCA) in C# with vulnerable dependencies. Learn to manage security risks using OWASP Dependency-Check integration

Language: C# - Size: 9.77 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

MetLife/VeracodeCommunitySCA

Seamlessly integrate Veracode Agent-Based SCA scans with Azure DevOps build or release pipelines.

Language: Python - Size: 1.11 MB - Last synced at: about 1 year ago - Pushed at: about 2 years ago - Stars: 8 - Forks: 6

Xpertians/ThunderaBSA 📦

ThunderaBSA is a Binary Static Analysis tool

Language: Python - Size: 833 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

SecureStackCo/actions-log4j

A GitHub Action that scans your public web applications for log4j vulnerabilities after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.

Size: 1.48 MB - Last synced at: 22 days ago - Pushed at: over 3 years ago - Stars: 15 - Forks: 2

instriq/warn-cpan

Software Composition Analysis (SCA) for Perl Apps

Language: Perl - Size: 7.81 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

soarsmu/midas

MiDas: Multi-granularity Detector for Vulnerability Fixes (IEEE TSE)

Language: Python - Size: 89.9 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 5 - Forks: 0

jonrau1/CodeArtifactVulnScanner 📦

AWS native Static Application Security Testing (SAST) utility to find and eradicate vulnerable software packages stored in AWS CodeArtifact. Built for both real-time distributed and centralized deployments.

Language: Python - Size: 1.95 MB - Last synced at: over 2 years ago - Pushed at: over 4 years ago - Stars: 6 - Forks: 4

bgnetworks/meta-dependencytrack

A Yocto meta-layer for generating CycloneDX SBOMs and automatically uploading them to Dependency Track.

Size: 388 KB - Last synced at: over 2 years ago - Pushed at: about 3 years ago - Stars: 6 - Forks: 5

tonycch/get-dependabot-alerts-sample

Get Dependabot Alerts from a repo

Language: JavaScript - Size: 12.7 KB - Last synced at: over 2 years ago - Pushed at: over 3 years ago - Stars: 12 - Forks: 8

software-composition-analysis/fosdem-2022-devroom

Software Composition and Dependencies devroom - FOSDEM 2022

Size: 64.5 KB - Last synced at: over 2 years ago - Pushed at: over 3 years ago - Stars: 9 - Forks: 1

githubfoam/blackduck-findbugs-gradle-githubactions

blackduck findbugs gradle githubactions

Language: Shell - Size: 64.5 KB - Last synced at: 4 months ago - Pushed at: over 3 years ago - Stars: 0 - Forks: 0

githubfoam/gradle-pipeline

gradle pipeline

Language: Java - Size: 173 KB - Last synced at: 4 months ago - Pushed at: over 3 years ago - Stars: 1 - Forks: 0

peterjmorgan/phylum-analyze-pr-action

GitHub Action to analyze Pull Requests for open-source supply chain issues

Language: Python - Size: 102 KB - Last synced at: over 2 years ago - Pushed at: over 3 years ago - Stars: 0 - Forks: 0

Related Keywords (with the number of repositories tagged)

software-composition-analysis (72), security (27), sca (20), sbom (19), devsecops (17), static-analysis (13), appsec (12), sast (10), supply-chain-security (10), vulnerabilities (9), dependencies (8), vulnerability-detection (8), spdx (8), security-automation (8), cyclonedx (8), oss-compliance (7), owasp (6), security-tools (6), software-security (6), nvd (6), github-actions (5), cve (5), compliance (5), devops (5), open-source (5), python (5), component-analysis (5), sbom-generator (5), software-supply-chain (5), security-audit (5), software-supply-chain-security (5), dependency-analysis (5), vulnerability-scanner (5), tool (4), purl (4), pre-commit (4), cve-scanning (4), docker (4), owasp-dependencycheck (4), java (4), hacktoberfest (4), vulnerability-scanners (4), software-bill-of-materials (4), package-management (4), dynamic-analysis (3), scala (3), scanning (3), bom (3), package-url (3), license (3), sbt (3), pre-commit-hook (3), dependency-track (3), supply-chain (3), deployment-pipeline (3), github (3), code-quality (3), code-analysis (3), vulnerability-management (3), vulnerability-scanning (3), codescan (3), log4shell (2), scanner (2), cpe (2), shadowtool (2), quality-assurance (2), continuous-integration (2), code-review (2), deployment (2), automation (2), ospo (2), deployment-automation (2), vulnerability (2), snyk (2), cicd (2), cloud-security (2), tron-steal (2), brute-force-tool (2), supply-chain-attacks (2), golang (2), policy-as-code (2), devsecops-best-practices (2), maven-plugin (2), web-vulnerability-scanner (2), gradle (2), findbugs (2), blackduck (2), copyright-scan (2), dependency-graph (2), license-scan (2), static-application-security-testing (2), build-tool (2), license-compliance (2), sbt-plugin (2), ossindex (2), infosec (2), bill-of-materials (2), sbom-tool (2), application-security (2), packages (2)