production sbom command line tool
Datadog CI plugin for `sbom` commands
Create CycloneDX Software Bill of Materials (SBOM) from NPM projects.
Creates CycloneDX Software Bill of Materials (SBOM) from source or container image
Create CycloneDX Software Bill of Materials (SBOM) from yarn projects.
Creates CycloneDX Software Bill of Materials (SBoM) from webpack projects
Meta-package for known CycloneDX Software Bill of Materials (SBOM) generators
Create CycloneDX Software Bill of Materials (SBOM) from projects built with esbuild or Bun.
Generate SBOM from pnpm lockfile
SBOM generation for Stackwright projects - generates SPDX, CycloneDX, and build manifest formats
A rollup, rolldown and vite plugin to generate SBOMs for your application
SYNAPSE SBOM scanner for npm projects — generate a CycloneDX SBOM locally and submit it to SYNAPSE Software Component Analysis.
Automatically generated OSS license information from SBOM.
Tools to analyse CycloneDX SBOM files
Automated SBOM generation and vulnerability scanning for multiple repositories. Generates CycloneDX SBOMs, scans with Trivy, and notifies via Slack/email.
pnpm commands for audit, licenses, and sbom
Enterprise SBOM features for Stackwright - CVE enrichment, signing, SLSA provenance, and registry publishing
Upload your Software Bill of Materials (SBOM) to SOOS for vulnerability analysis, license matching and more. Register for a free trial today at https://app.soos.io/register
Reporting tools for 3rd party vulnerabilities and licenses
DataNexus MCP — AI-Ready public data intelligence. 55 tools: CVE risk verdicts, SBOM licence policy, frontend security (manifest audit, CI scanner, typosquatting), licence compatibility, nonprofit 990 trends, SBOM monitoring, federal contracts, NPI lookup
Security lifecycle orchestrator — dispatches to per-stage security providers (secrets, sbom, release-gate, etc.).
sbom parse and generate
SBOM generation tool for uv projects - Generate CycloneDX SBOMs from uv.lock files
Semantic SBOM diff and analysis tool
Create software bill of materials (SBOM) for Rust
Automate CRA compliance: generate OpenVEX reports from Yocto SBOMs by filtering CVEs with kernel config and device tree analysis
diff engine and cli for sbom comparison
A CLI tool to check dependency licenses.
core format-agnostic sbom model and query api
cyclonedx adapter for sbom-model
SBOM diff with supply-chain risk signals (CVEs, typosquats, maintainer-age).
spdx adapter for sbom-model
Library to assess SBOM quality.
A Ruby library for working with Software Bill of Materials in SPDX and CycloneDX formats. Supports parsing, generation, validation, and format conversion.
Generate SBOM (Software Bill of Materials) files with Bundler
Gem for generating/parsing CycloneDX JSON SBOMs
CycloneDX is a lightweight software bill-of-material (SBOM) specification designed for use in application security contexts and supply chain component analysis. This Gem generates CycloneDX BOMs from Ruby projects.
CycloneDX is a lightweight software bill-of-material (SBOM) specification designed for use in application security contexts and supply chain component analysis. This Gem generates CycloneDX BOMs from CocoaPods projects.
A comprehensive tool to detect, report, and remediate dependency-related security risks in Ruby projects. Includes CVE scanning, SBOM generation, and CI/CD integration.
No description provided.