CLI tool and library for generating a Software Bill of Materials from container images and filesystems
-
Updated
Oct 25, 2025 - Go
#
spdx
Here are 27 public repositories matching this topic...
GUAC aggregates software security metadata into a high fidelity graph database.
security graph supply-chain vulnerability vex spdx vulnerability-management software-supply-chain supply-chain-analytics sbom attestations in-toto cyclonedx slsa supply-chain-security supply-chain-visibility software-supply-chain-security spdx-sbom cyclonedx-sbom
-
Updated
Oct 22, 2025 - Go
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
security static-analysis vulnerabilities spdx software-supply-chain sca swid devsecops software-composition-analysis software-bill-of-materials license-compliance sbom cyclonedx software-supply-chain-security
-
Updated
Oct 11, 2025 - Go
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
golang security oss supply-chain spdx vulnerability-scanners security-automation security-tools devsecops supplychain syft sbom gomodule cyclonedx epss
-
Updated
Mar 31, 2025 - Go
Evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
security open-source-licensing compliance license spdx attestation devsecops ospo oss-compliance sbom in-toto cyclonedx slsa supply-chain-security sbom-distribution slsa-provenance metadata-platform sbom-discovery regulated-industry
-
Updated
Oct 24, 2025 - Go
sbomqs: The Comprehensive SBOM Quality & Compliance Tool
go golang spdx security-tools sbom cyclonedx devsecops-pipeline supply-chain-security sbom-examples sbom-tool sbom-quality sbom-score sbom-samples
-
Updated
Oct 24, 2025 - Go
Reliable project licenses detector.
-
Updated
Jun 9, 2023 - Go
licensechecker (lc) a command line application which scans directories and identifies what software license things are under producing reports as either SPDX, CSV, JSON, XLSX or CLI Tabular output. Dual-licensed under MIT or the UNLICENSE.
go cli golang commandline classifier open-source-licensing command-line-tool license spdx license-management licensechecker
-
Updated
May 4, 2025 - Go
Utility that provides an API platform for validating, querying and managing BOM data
owasp bom vex vdr spdx spdx-license hacktoberfest bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx obom mbom saasbom spdx-sbom sbom-tool sbom-quality
-
Updated
Sep 24, 2025 - Go
Format agnostic SBOM tooling
-
Updated
Oct 20, 2025 - Go
Automate copyright headers and license files at scale
-
Updated
Sep 30, 2025 - Go
SBOM Search - Context aware search in SBOM repositories
-
Updated
Oct 6, 2025 - Go
Tool to inspect and push and SPDX document as an OCI artifact
-
Updated
Jul 14, 2023 - Go
A lightweight Go library for validating Software Bill of Materials (SBOM) against industry-standard specifications
golang supply-chain bom vex spdx bill-of-materials software-bill-of-materials go-module sbom cyclonedx supply-chain-security spdx-sbom sbom-tool cyclonedx-sbom sbom-tools
-
Updated
Oct 24, 2025 - Go
Improve this page
Add a description, image, and links to the spdx topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the spdx topic, visit your repo's landing page and select "manage topics."