Workflow responsible for launching static code analysis, generating SBOM and scanning for vulnerabilities. Can be applied to projects that use Gradle and Kotlin.
Updated
Oct 27, 2022
Create a dependency graph of the components within a SBOM
A Bitbucket Pipe containing a collection of open source tools to perform various types of additional analysis on a CycloneDX or SPDX SBOM (Software Bill of Materials).
The Clearing Automation Tool scans and collects the 3rd party OSS components used in an NPM/NuGet/Debian project and uploads them to SW360 and Fossology.
This repo accumulates underlying data and analysis results for assessing the current landscape of open-source and proprietary tools related to Software Bill of Materials (SBOM). We additionally compiled our findings into a comprehensive spreadsheet detailing 86 tools and their use cases.
Retrieve all requested SBOMs from the GitHub repositories.
Ansible role for 'syft'. Available on Ansible Galaxy.
SBOMinify is a GitHub Action to capture and list installed packages and their versions in a Docker image, generating Software Bill of Materials (SBOM) files. This action leverages some special techniques to scan Docker images and output SBOM files in both table and JSON formats.