Software Component Verification Standard (SCVS)
Check SPDX SBOM for NTIA minimum elements
SBOM Assess - Evaluate SBOM quality and compliance
Python app to read CISA Software Acquisition Guide spreadsheets in the CISA format (https://cisa.gov/sag)
The repository for SBOMs which can be shared from the 2024 SBOM Plugfest organized by the SEI on behalf of CISA.
A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
Generate a score for your SBOM to understand whether it will actually be useful.
Automatically assess and score software repositories for supply chain risk.
The SBOM tool is a highly scalable, enterprise-ready tool to create SPDX 2.2 compatible SBOMs for a wide variety of artifacts.
Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability report…
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-…
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
A suite of tools to automate software compliance checks.
A collection of interesting APT reports and some selected IOCs
A minimal specification for purl, a.k.a. a package "mostly universal" URL; join the discussion at https://gitter.im/package-url/Lobby
GUAC aggregates software security metadata into a high fidelity graph database.
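The entries above for checking an SPDX SBOM against the NTIA minimum elements and for generating SPDX 2.2 SBOMs suggest a worked check. What follows is an added example written for this page, not code from any of the listed repositories. It applies one reading of the NTIA minimum-elements data fields (author of SBOM data, timestamp, supplier name, component name, version, other unique identifiers, dependency relationships) to an SPDX 2.2 JSON document. The two documents, the package names, the purls and the namespace URL are constructed for the example; the policy that "other unique identifiers" requires both an SPDXID and a purl/CPE/SWID external reference is this example's own choice and is stricter than tools that accept the SPDXID alone.

```python
"""Check an SPDX 2.2 JSON document for the NTIA minimum elements.

Added example for this page; not code from any listed repository.
Field mapping used here (one reasonable reading of the NTIA July 2021 list):
  Author of SBOM data     -> creationInfo.creators (Person:/Organization:)
  Timestamp               -> creationInfo.created (YYYY-MM-DDThh:mm:ssZ)
  Supplier name           -> packages[].supplier (Person:/Organization:)
  Component name          -> packages[].name
  Version                 -> packages[].versionInfo
  Other unique identifiers-> packages[].SPDXID plus a purl/CPE/SWID externalRef
  Dependency relationship -> relationships[] (DESCRIBES plus per-package links)
"""
import copy
import json
from datetime import datetime

UNIQUE_ID_TYPES = {"purl", "cpe22Type", "cpe23Type", "swid"}
DEPENDENCY_TYPES = {"DESCRIBES", "DEPENDS_ON", "DEPENDENCY_OF", "CONTAINS", "CONTAINED_BY"}


def check_ntia_minimum_elements(doc):
    """Return {element: [problem, ...]}; an empty list means that element is satisfied."""
    problems = {k: [] for k in ("author", "timestamp", "supplier", "component_name",
                                "version", "unique_id", "dependency_relationship")}
    info = doc.get("creationInfo", {})
    if not any(c.startswith(("Person:", "Organization:")) for c in info.get("creators", [])):
        problems["author"].append("creationInfo.creators has no Person: or Organization: entry")
    created = info.get("created") or ""
    try:
        datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ")  # SPDX requires UTC 'Z' timestamps
    except ValueError:
        problems["timestamp"].append(f"creationInfo.created is not YYYY-MM-DDThh:mm:ssZ: {created!r}")

    packages = doc.get("packages", [])
    if not packages:
        problems["component_name"].append("document lists no packages")

    rels = doc.get("relationships", [])
    if not any(r.get("relationshipType") == "DESCRIBES" for r in rels):
        problems["dependency_relationship"].append("no DESCRIBES relationship from the document")
    # Every element that takes part in at least one dependency-type relationship.
    related_ids = set()
    for r in rels:
        if r.get("relationshipType") in DEPENDENCY_TYPES:
            related_ids.add(r.get("spdxElementId"))
            related_ids.add(r.get("relatedSpdxElement"))

    for pkg in packages:
        spdx_id = pkg.get("SPDXID", "")
        label = pkg.get("name") or spdx_id or "<unnamed>"
        if not pkg.get("name"):
            problems["component_name"].append(f"{spdx_id or '<no SPDXID>'}: missing name")
        if not pkg.get("versionInfo"):
            problems["version"].append(f"{label}: missing versionInfo")
        if not str(pkg.get("supplier", "")).startswith(("Person:", "Organization:")):
            problems["supplier"].append(f"{label}: supplier missing or NOASSERTION")
        ids = [r for r in pkg.get("externalRefs", []) if r.get("referenceType") in UNIQUE_ID_TYPES]
        if not spdx_id or not ids:  # this example's policy: SPDXID alone is not enough
            problems["unique_id"].append(f"{label}: needs an SPDXID and a purl/CPE/SWID externalRef")
        if spdx_id not in related_ids:
            problems["dependency_relationship"].append(f"{label}: not in any dependency relationship")
    return problems


def is_ntia_compliant(doc):
    return not any(check_ntia_minimum_elements(doc).values())


# Constructed sample documents (package names, purls and namespace are fictional).
GOOD_SBOM = {
    "spdxVersion": "SPDX-2.2", "SPDXID": "SPDXRef-DOCUMENT", "name": "example-app-sbom",
    "documentNamespace": "https://example.invalid/sbom/example-app-1.4.2",
    "creationInfo": {"created": "2024-05-01T12:00:00Z",
                     "creators": ["Tool: sbom-tool-example", "Organization: Example Corp"]},
    "packages": [
        {"SPDXID": "SPDXRef-Package-app", "name": "example-app", "versionInfo": "1.4.2",
         "supplier": "Organization: Example Corp",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:generic/example-app@1.4.2"}]},
        {"SPDXID": "SPDXRef-Package-libwidget", "name": "libwidget", "versionInfo": "0.9.3",
         "supplier": "Organization: Widget Maintainers",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:pypi/libwidget@0.9.3"}]},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
         "relatedSpdxElement": "SPDXRef-Package-app"},
        {"spdxElementId": "SPDXRef-Package-app", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-Package-libwidget"},
    ],
}

# Same document with typical generator gaps: tool-only author, NOASSERTION supplier,
# missing version, and a dependency that is listed but not related to anything.
BAD_SBOM = copy.deepcopy(GOOD_SBOM)
BAD_SBOM["creationInfo"]["creators"] = ["Tool: sbom-tool-example"]
BAD_SBOM["packages"][1]["supplier"] = "NOASSERTION"
del BAD_SBOM["packages"][1]["versionInfo"]
BAD_SBOM["relationships"] = BAD_SBOM["relationships"][:1]

if __name__ == "__main__":
    for name, doc in (("good", GOOD_SBOM), ("bad", BAD_SBOM)):
        print(name, "compliant" if is_ntia_compliant(doc) else "NOT compliant")
        print(json.dumps(check_ntia_minimum_elements(doc), indent=2))
```

To use it on a real file, replace the constructed dictionaries with `json.load(open(path))`; the report keys map one-to-one to the NTIA data fields, so a non-empty list tells you which field the generator left out rather than just a pass/fail.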