Creates CycloneDX Software Bill-of-Materials (SBOM) from Go projects. So you can use it with DependencyTrack to monitor security issues in 3rd party modules.
Updated Feb 26, 2020 - Go
kubectl plugin scanning docker images for open source security and license compliance using Black Duck by Synopsys
AWS native Static Application Security Testing (SAST) utility to find and eradicate vulnerable software packages stored in AWS CodeArtifact. Built for both real-time distributed and centralized deployments.
A Github Action to parse DependencyCheck JSON reports, print the found vulnerabilities and fail the build.
🔐 Shim to easily install OWASP dependency-check-cli into Python projects
Software Composition and Dependencies devroom - FOSDEM 2022
Get Dependabot Alerts from a repo
GitHub Action to analyze Pull Requests for open-source supply chain issues
gradle pipeline
blackduck findbugs gradle githubactions
Golang SCA (Software Composition Analysis): by analyzing your go.mod file, it helps you discover whether the dependency libraries of your Golang project contain known vulnerabilities.
A GitHub Action for using SecureStack to analyse a repository codebase for vulnerabilities in library dependencies (software composition analysis).
A GitHub Action that scans your public web applications for log4j vulnerabilities after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.
A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools, and tutorials.
A simple Java command-line utility to mirror the CVE JSON data from NIST.
Sharing software supply chain security open source projects
A simple Java command-line utility to mirror the entire contents of VulnDB.
A compilation of resources in the software supply chain security domain, with emphasis on open source
All of our GitHub Actions rolled into one. Or as we like to say: One GitHub Action to rule them all!
A GitHub Action that scans your public web applications after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.