OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Google chat: https://chat.google.com/room/AAAA6l2dO60?cls=7

A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles

Scans your project to determine what components you use

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

The SPDX specification in MarkDown and HTML formats.

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)

Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects

Creates CycloneDX Software Bill of Materials (SBOM) from Go modules

A suite of utilities to help with software supply chain challenges on nix targets

creates CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects

Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects

Utility that provides an API platform for validating, querying and managing BOM data

Compage - Low-Code Framework to develop Rest API, gRPC, dRPC, GraphQL, WebAssembly, microservices, FaaS, Temporal workloads, IoT and edge services, K8s controllers, K8s CRDs, K8s custom APIs, K8s Operators, K8s hooks, etc. with minimal coding and by automatically applying best practice methods like software supply chain security measures, SBOM, …

CycloneDX SBOM Model and Utils for Creating and Validating BOMs

Go library to consume and produce CycloneDX Software Bill of Materials (SBOM)