Workflow responsible for launching static code analysis, generating SBOM and scanning for vulnerabilities. Can be applied to projects that use Gradle and Kotlin.
Updated Oct 27, 2022
An example project that demonstrates how to automate a release with SBOM generation using Syft
Your Comprehensive Vulnerability Management Tool
Lockheed Martin developed common library to combine multiple SBOMs
The Clearing Automation Tool scans and collects the third-party OSS components used in an NPM/NuGet/Debian project and uploads them to SW360 and Fossology
User interface for BOM-bar
A simple SBOM generator for applications deployed with ArgoCD
Runtime library to serialize/deserialize CycloneDX BOM with protocol buffers
jQAssistant plugin to scan and analyze CycloneDX files (e.g. SBOM).
Package dependency and vulnerability inventory for containers
header_docu - file header parser for SBOM SPDX/CycloneDX
SBOMinify is a GitHub Action to capture and list installed packages and their versions in a Docker image, generating Software Bill of Materials (SBOM) files. This action leverages some special techniques to scan Docker images and output SBOM files in both table and JSON formats.
Nitro fork of archived repo https://github.com/CycloneDX/cyclonedx-conan with changes required to work with our conan version.