scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

The Panthera(P.)uncia of Cybersecurity - Official CLI utility for Subdomain Center & Exploit Observer.

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

SBOM quality score - Quality metrics for your sboms

A suite of utilities to help with software supply chain challenges on nix targets

creates CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects

Enrich SBOMs with data from third party services

Utility that provides an API platform for validating, querying and managing BOM data

Create CycloneDX Software Bill of Materials (SBOM) from Node.js NPM projects.

SBOM Assembler - A tool to edit SBOM or assemble multiple sboms into a single sbom.

Check SPDX SBOM for NTIA minimum elements

Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects

A GitHub Action that creates a SBOM from your application so you can meet compliance and security requirements. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements, and has the SBOM to show it!

This tool compares two Software Bill of Materials (SBOMs) and reports the differences.

Generate CycloneDX Software Bill of Materials (SBOM) from webpack bundles at compile time.

This repository contains a SonarQube Plugin that detects cryptographic assets in source code and generates CBOM.

SBOM Grep - search through SBOMs

Create CycloneDX Software Bill of Materials (SBOM) from Node.js Yarn projects.

A tool to reverse engineer and inspect the RPM and APT databases to list all the packages along with executables, service and versions.