Stars
An open source threat modeling tool from OWASP
Templates for the Microsoft Threat Modeling Tool
🥑 Language focused docker images, minus the operating system.
A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and initial phases of security review.
This repo contains license and copyright analysis results of open source packages. It further contains other license compliance relevant artifacts, which might be of value for others.
Converter script in jq to convert CycloneDX SBOM to aosd 2.1
🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nln…
The legal review and SBOM system used by SUSE and openSUSE
A scalable server implementation of the OSS Review Toolkit.
Inspect and resolve .NET and NuGet package dependencies like dotnet and nuget do. Fetch manifests data. Runs on Linux, Windows and macOS as a standalone application.
sbomqs: The Comprehensive SBOM Quality & Compliance Tool
Deterministically map license strings to their canonical identifiers
licensechecker (lc), a command line application which scans directories and identifies what software license things are under, producing reports as either SPDX, CSV, JSON, XLSX or CLI Tabular output.…
Simple license policy for demonstration purposes
The Double Open Server (DOS) companion for ORT.
SPDX Command Line Tools using the Spdx-Java-Library
Source for the website providing online SPDX tools
A taxonomy of all official CycloneDX property namespaces and names
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more