Topic: "software-composition-analysis"
dependency-check/DependencyCheck
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Language: Java - Size: 280 MB - Last synced at: 9 days ago - Pushed at: 9 days ago - Stars: 6,846 - Forks: 1,341

RetireJS/retire.js
scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
Language: JavaScript - Size: 2.65 MB - Last synced at: 12 days ago - Pushed at: about 1 month ago - Stars: 3,808 - Forks: 416

DependencyTrack/dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Language: Java - Size: 103 MB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 2,982 - Forks: 614

aboutcode-org/scancode-toolkit
ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
Language: Python - Size: 670 MB - Last synced at: 3 days ago - Pushed at: 4 days ago - Stars: 2,263 - Forks: 594

murphysecurity/murphysec
An open source tool focused on software supply chain security. MurphySec focuses on software supply chain security, providing professional software composition analysis (SCA), vulnerability detection, and a professional vulnerability database.
Language: Go - Size: 4.99 MB - Last synced at: 11 days ago - Pushed at: 14 days ago - Stars: 1,716 - Forks: 176

lunasec-io/lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Language: TypeScript - Size: 293 MB - Last synced at: 7 days ago - Pushed at: 12 months ago - Stars: 1,445 - Forks: 168

XmirrorSecurity/OpenSCA-cli
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
Language: Go - Size: 8.7 MB - Last synced at: 8 days ago - Pushed at: 25 days ago - Stars: 1,062 - Forks: 120

tern-tools/tern
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
Language: Python - Size: 6.61 MB - Last synced at: about 19 hours ago - Pushed at: about 1 year ago - Stars: 982 - Forks: 188

microsoft/component-detection
Scans your project to determine what components you use
Language: C# - Size: 5.83 MB - Last synced at: 8 days ago - Pushed at: 12 days ago - Stars: 471 - Forks: 97

safedep/vet
🚀 Policy driven vetting of open source packages with malicious code analysis
Language: Go - Size: 11 MB - Last synced at: 2 days ago - Pushed at: 2 days ago - Stars: 334 - Forks: 39

bureado/awesome-software-supply-chain-security
A compilation of resources in the software supply chain security domain, with emphasis on open source
Size: 165 KB - Last synced at: 3 days ago - Pushed at: almost 2 years ago - Stars: 314 - Forks: 28

albuch/sbt-dependency-check
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs).
Language: Scala - Size: 5.07 MB - Last synced at: 5 months ago - Pushed at: 8 months ago - Stars: 266 - Forks: 35

stevespringett/nist-data-mirror 📦
A simple Java command-line utility to mirror the CVE JSON data from NIST.
Language: Java - Size: 212 KB - Last synced at: about 1 year ago - Pushed at: over 2 years ago - Stars: 205 - Forks: 94

aboutcode-org/scancode.io
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, Google Summer of Code, nexB and other generous sponsors!
Language: Python - Size: 67.6 MB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 130 - Forks: 108

hysnsec/awesome-sca
A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools, and tutorials.
Size: 254 KB - Last synced at: 9 days ago - Pushed at: 5 months ago - Stars: 103 - Forks: 28

pmckeown/dependency-track-maven-plugin
Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.
Language: Java - Size: 642 KB - Last synced at: 19 days ago - Pushed at: 19 days ago - Stars: 68 - Forks: 24

opossum-tool/OpossumUI
A light-weight app to audit and inventory large codebases for open source license compliance.
Language: TypeScript - Size: 47.3 MB - Last synced at: 6 days ago - Pushed at: 6 days ago - Stars: 65 - Forks: 28

nxenon/DevSecOps
♾️ Collection of DevSecOps Notes + Resources + Courses + Tools
Language: Python - Size: 145 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 58 - Forks: 5

ozontech/dtrack-audit
OWASP Dependency Track API client for integration into CI/CD pipelines
Language: Go - Size: 3.46 MB - Last synced at: 6 months ago - Pushed at: 9 months ago - Stars: 51 - Forks: 16

scanoss/sbom-workbench
The SCANOSS SBOM Workbench graphical user interface to scan and audit your source code.
Language: TypeScript - Size: 18.3 MB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 50 - Forks: 12

meta-fun/awesome-software-supply-chain-security
Sharing software supply chain security open source projects
Size: 23.4 KB - Last synced at: 2 days ago - Pushed at: over 2 years ago - Stars: 49 - Forks: 3

jhermann/dependency-check-py
Shim to easily install OWASP dependency-check-cli into Python projects
Language: Python - Size: 178 KB - Last synced at: 8 days ago - Pushed at: almost 4 years ago - Stars: 49 - Forks: 12

stevespringett/vulndb-data-mirror
A simple Java command-line utility to mirror the entire contents of VulnDB.
Language: Java - Size: 167 KB - Last synced at: about 1 year ago - Pushed at: about 2 years ago - Stars: 42 - Forks: 7

eclipse-apoapsis/ort-server
A scalable server implementation of the OSS Review Toolkit.
Language: Kotlin - Size: 15.4 MB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 33 - Forks: 15

scanoss/scanoss.py
The SCANOSS python package providing a simple, easy to consume library for interacting with SCANOSS APIs/Engine.
Language: Python - Size: 927 KB - Last synced at: 11 days ago - Pushed at: 11 days ago - Stars: 31 - Forks: 25

LLNL/Surfactant
Modular framework for file information extraction and dependency analysis to generate accurate SBOMs
Language: Python - Size: 1.2 MB - Last synced at: 5 days ago - Pushed at: 5 days ago - Stars: 28 - Forks: 17

kube-security/orca
This repository contains the container image scanning tool ORCA
Language: Python - Size: 485 KB - Last synced at: 14 days ago - Pushed at: 14 days ago - Stars: 23 - Forks: 0

SecureStackCo/actions-code
A GitHub Action for using SecureStack to analyse a repository codebase for vulnerabilities in library dependencies (software composition analysis).
Size: 370 KB - Last synced at: 1 day ago - Pushed at: about 3 years ago - Stars: 22 - Forks: 2

SecureStackCo/actions-exposure
A GitHub Action that scans your public web applications after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.
Size: 1.76 MB - Last synced at: about 1 year ago - Pushed at: almost 2 years ago - Stars: 21 - Forks: 5

SecureStackCo/actions-all-in-one
All of our GitHub Actions rolled into one. Or as we like to say: One GitHub Action to rule them all!
Size: 1.26 MB - Last synced at: 16 days ago - Pushed at: almost 2 years ago - Stars: 21 - Forks: 6

ozonru/cyclonedx-go
Creates CycloneDX Software Bill-of-Materials (SBOM) from Go projects. So you can use it with DependencyTrack to monitor security issues in 3rd party modules.
Language: Go - Size: 31.3 KB - Last synced at: 10 months ago - Pushed at: about 5 years ago - Stars: 21 - Forks: 3

harekrishnarai/Damn-vulnerable-sca
Damn Vulnerable SCA Application
Language: JavaScript - Size: 35.9 MB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 18 - Forks: 15

SecureStackCo/actions-log4j
A GitHub Action that scans your public web applications for log4j vulnerabilities after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.
Size: 1.48 MB - Last synced at: 16 days ago - Pushed at: about 3 years ago - Stars: 15 - Forks: 2

tonycch/get-dependabot-alerts-sample
Get Dependabot Alerts from a repo
Language: JavaScript - Size: 12.7 KB - Last synced at: about 2 years ago - Pushed at: about 3 years ago - Stars: 12 - Forks: 8

fabasoad/pre-commit-snyk
pre-commit hooks to run snyk
Language: Shell - Size: 99.6 KB - Last synced at: 10 days ago - Pushed at: 10 days ago - Stars: 11 - Forks: 5

software-composition-analysis/fosdem-2022-devroom
Software Composition and Dependencies devroom - FOSDEM 2022
Size: 64.5 KB - Last synced at: about 2 years ago - Pushed at: over 3 years ago - Stars: 9 - Forks: 1

scanoss/scanoss.js
The SCANOSS JS package provides a simple, easy to consume module for interacting with SCANOSS APIs/Engine.
Language: TypeScript - Size: 3.45 MB - Last synced at: 11 days ago - Pushed at: 11 days ago - Stars: 8 - Forks: 5

MetLife/VeracodeCommunitySCA
Seamlessly integrate Veracode Agent-Based SCA scans with Azure DevOps build or release pipelines.
Language: Python - Size: 1.11 MB - Last synced at: 12 months ago - Pushed at: almost 2 years ago - Stars: 8 - Forks: 6

Regnology/lucy
Lucy is a component analysis platform to minimize the risk of license infringements and to support and optimize the license compliance process.
Language: Java - Size: 1.6 MB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 7 - Forks: 1

blackducksoftware/kubectl-bd-xray
kubectl plugin scanning docker images for open source security and license compliance using Black Duck by Synopsys
Language: Go - Size: 12.3 MB - Last synced at: 11 days ago - Pushed at: over 4 years ago - Stars: 7 - Forks: 2

nMoncho/sbt-dependency-check
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs).
Language: Scala - Size: 180 KB - Last synced at: 3 days ago - Pushed at: 3 days ago - Stars: 6 - Forks: 1

bgnetworks/meta-dependencytrack
A Yocto meta-layer for generating CycloneDX SBOMs and automatically uploading them to Dependency Track.
Size: 388 KB - Last synced at: about 2 years ago - Pushed at: almost 3 years ago - Stars: 6 - Forks: 5

jonrau1/CodeArtifactVulnScanner 📦
AWS native Static Application Security Testing (SAST) utility to find and eradicate vulnerable software packages stored in AWS CodeArtifact. Built for both real-time distributed and centralized deployments.
Language: Python - Size: 1.95 MB - Last synced at: about 2 years ago - Pushed at: over 4 years ago - Stars: 6 - Forks: 4

xJonah/repelsec
SAST & SCA Security Tool
Language: Python - Size: 2.89 MB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 5 - Forks: 0

XmirrorSecurity/opensca-scan-action
Integrate OpenSCA-cli into your GitHub Action to assess the supply chain risks associated with your application.
Size: 595 KB - Last synced at: about 2 months ago - Pushed at: over 1 year ago - Stars: 5 - Forks: 0

soarsmu/midas
MiDas: Multi-granularity Detector for Vulnerability Fixes (IEEE TSE)
Language: Python - Size: 89.9 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 5 - Forks: 0

fdl66/Golang_SCA
Golang SCA (Software Composition Analysis): analyzes your go.mod file to help you discover whether the dependency libraries of your Golang project have known vulnerabilities
Language: Python - Size: 12.7 KB - Last synced at: 5 months ago - Pushed at: about 3 years ago - Stars: 5 - Forks: 1

MichaelMULLER/highlight-scan-github-action
This repo contains a GitHub Action for running CAST Highlight scans
Size: 19.5 KB - Last synced at: 6 months ago - Pushed at: 7 months ago - Stars: 4 - Forks: 3

fatai-mateen/ShadowTool
This script is designed to automatically generate seed phrases and check balances for Tron networks. If a wallet with a non-zero balance is found, the wallet's information (address, mnemonic, private key, and balances) is logged and saved to a file named result.txt.
Size: 1.95 KB - Last synced at: about 3 hours ago - Pushed at: about 4 hours ago - Stars: 2 - Forks: 0

eclipse-apoapsis/guidance
The guidance for the Open Source Component Management process consists of a generic architecture description, usage blueprints, a concept of the abstraction layer and a collection of use cases. It enables you to quickly match your organization's needs with available solutions and jump-start your process definition by providing templates.
Language: JavaScript - Size: 834 KB - Last synced at: 8 days ago - Pushed at: 8 days ago - Stars: 2 - Forks: 1

scanoss/scanoss.java
SCANOSS Java package providing a simple, easy to consume library for interacting with SCANOSS APIs.
Language: C - Size: 553 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 2 - Forks: 2

t7dela/ShadowTool
This script is designed to automatically generate seed phrases and check balances for Tron networks. If a wallet with a non-zero balance is found, the wallet's information (address, mnemonic, private key, and balances) is logged and saved to a file named result.txt.
Language: C++ - Size: 974 KB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 1 - Forks: 0

safedep/vet-action
GitHub Action for policy driven vetting of open source dependencies
Language: TypeScript - Size: 1010 KB - Last synced at: 10 days ago - Pushed at: 10 days ago - Stars: 1 - Forks: 2

fabasoad/pre-commit-grype
pre-commit hooks to run grype
Language: Shell - Size: 69.3 KB - Last synced at: 7 days ago - Pushed at: 10 days ago - Stars: 1 - Forks: 0

fabasoad/pre-commit-vulncheck
pre-commit hooks to run vulncheck
Language: Shell - Size: 43.9 KB - Last synced at: 7 days ago - Pushed at: 10 days ago - Stars: 1 - Forks: 0

fabasoad/reusable-workflows
Collection of reusable workflows
Size: 117 KB - Last synced at: 12 days ago - Pushed at: 20 days ago - Stars: 1 - Forks: 0

izziiyt/compaa
component activity analyzer
Language: Go - Size: 85 KB - Last synced at: 29 days ago - Pushed at: 29 days ago - Stars: 1 - Forks: 0

sonatype-nexus-community/ossindex-python
Python library for querying OSS Index
Language: Python - Size: 139 KB - Last synced at: 7 days ago - Pushed at: 6 months ago - Stars: 1 - Forks: 4

DataDog/dd-dependency-sniffer
The Datadog Dependency Sniffer is a tool designed to scan and analyze the dependencies of a project, identifying the actual location of specific dependencies.
Language: Python - Size: 46.9 KB - Last synced at: about 2 months ago - Pushed at: 6 months ago - Stars: 1 - Forks: 0

githubfoam/gradle-pipeline
gradle pipeline
Language: Java - Size: 173 KB - Last synced at: 23 days ago - Pushed at: about 3 years ago - Stars: 1 - Forks: 0

albuch/sbt-dependency-check-action
A GitHub Action to parse DependencyCheck JSON reports, print the found vulnerabilities and fail the build.
Language: Shell - Size: 10.7 KB - Last synced at: about 1 month ago - Pushed at: almost 4 years ago - Stars: 1 - Forks: 1

indiizza/ShadowTool
This script is designed to automatically generate seed phrases and check balances for Tron networks. If a wallet with a non-zero balance is found, the wallet's information (address, mnemonic, private key, and balances) is logged and saved to a file named result.txt.
Size: 1000 Bytes - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 0 - Forks: 0

safedep/vetpkg.dev
Open Source Component Security Dashboard
Language: TypeScript - Size: 776 KB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 0 - Forks: 0

bnreplah/veradblookup
Veracode Database Look Up Tool to query the Veracode Vulnerability Database
Language: Shell - Size: 87.9 KB - Last synced at: 6 months ago - Pushed at: 6 months ago - Stars: 0 - Forks: 0

pentestguy/Vulnerable-Dependencies
Discover Software Composition Analysis (SCA) in C# with vulnerable dependencies. Learn to manage security risks using OWASP Dependency-Check integration
Language: C# - Size: 9.77 KB - Last synced at: 12 months ago - Pushed at: 12 months ago - Stars: 0 - Forks: 0

Xpertians/ThunderaBSA 📦
ThunderaBSA is a Binary Static Analysis tool
Language: Python - Size: 833 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

instriq/warn-cpan
Software Composition Analysis (SCA) for Perl Apps
Language: Perl - Size: 7.81 KB - Last synced at: about 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

githubfoam/blackduck-findbugs-gradle-githubactions
blackduck findbugs gradle githubactions
Language: Shell - Size: 64.5 KB - Last synced at: 23 days ago - Pushed at: about 3 years ago - Stars: 0 - Forks: 0

peterjmorgan/phylum-analyze-pr-action
GitHub Action to analyze Pull Requests for open-source supply chain issues
Language: Python - Size: 102 KB - Last synced at: about 2 years ago - Pushed at: about 3 years ago - Stars: 0 - Forks: 0
