OX153 vs ort

| | OX153 | ort |
|---|---|---|
| Mentions | 1 | 3 |
| Stars | 3 | 1,475 |
| Growth | - | 2.4% |
| Activity | 0.0 | 9.9 |
| Latest commit | almost 3 years ago | 3 days ago |
| Language | Shell | Kotlin |
| License | GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
OX153
ort
-
Microsoft open sources Salus software bill of materials (SBOM) generation tool
> Does HN have a recommendation for other CLI-based SBOM generators?
Try ORT https://github.com/oss-review-toolkit/ort (full disclosure: I am one of its maintainers and also the lead of the SPDX Defects/Security Profile).
If people have questions on SBOMs, comparing SCA/SBOM tools or ORT, feel free to reach out to me: https://github.com/tsteenbe/
ORT plug below ;-)
ORT is much more than an SBOM generator though; it's a CLI/library that enables you to safely use, integrate, modify and redistribute third-party software, including FOSS.
You can use ORT to:
1. Generate CycloneDX or SPDX SBOMs for your software project
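The comment above recommends ORT for generating CycloneDX or SPDX SBOMs and offers help comparing SCA/SBOM tools. The following added example (my own code, not part of the original post and not ORT's code) shows the first step of such a comparison: it reads a CycloneDX JSON document and an SPDX JSON document, normalizes both into one inventory keyed by package URL, and reports which components and which license conclusions differ. Both SBOM documents are constructed inline for the example; real ones would come from ORT's reporter or any other tool on this page.

```python
"""Normalize a CycloneDX JSON SBOM and an SPDX JSON SBOM into one comparable
component inventory and diff them.

Both sample documents below are constructed for this example; they are not
the output of ORT or of any other tool."""
import json

# Constructed sample: a minimal CycloneDX 1.4 JSON document.
CYCLONEDX_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind",
         "version": "2.13.4",
         "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "lodash", "version": "4.17.21",
         "purl": "pkg:npm/lodash@4.17.21",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0"},
    ],
})

# Constructed sample: a minimal SPDX 2.3 JSON document.
SPDX_JSON = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-project",
    "packages": [
        {"SPDXID": "SPDXRef-Package-jackson", "name": "jackson-databind", "versionInfo": "2.13.4",
         "licenseConcluded": "Apache-2.0",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4"}]},
        {"SPDXID": "SPDXRef-Package-lodash", "name": "lodash", "versionInfo": "4.17.21",
         "licenseConcluded": "NOASSERTION",   # the SPDX producer did not conclude a license
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:npm/lodash@4.17.21"}]},
        {"SPDXID": "SPDXRef-Package-minimist", "name": "minimist", "versionInfo": "1.2.5",
         "licenseConcluded": "MIT",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:npm/minimist@1.2.5"}]},
    ],
})


def _cdx_license(component):
    """Join a CycloneDX component's license entries (id, name or expression) into one string."""
    ids = []
    for entry in component.get("licenses", []):
        if "expression" in entry:
            ids.append(entry["expression"])
        lic = entry.get("license", {})
        if "id" in lic:
            ids.append(lic["id"])
        elif "name" in lic:
            ids.append(lic["name"])
    return " AND ".join(ids) if ids else None


def parse_cyclonedx(text):
    """Return {purl: {name, version, license}} for every component in a CycloneDX JSON BOM."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    inventory = {}
    for c in doc.get("components", []):
        # Fall back to group/name@version when a component carries no purl.
        key = c.get("purl") or f"{c.get('group', '')}/{c['name']}@{c.get('version', '')}"
        inventory[key] = {"name": c["name"], "version": c.get("version"), "license": _cdx_license(c)}
    return inventory


def parse_spdx(text):
    """Return {purl: {name, version, license}} for every package in an SPDX JSON document."""
    doc = json.loads(text)
    if not str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        raise ValueError("not an SPDX document")
    inventory = {}
    for p in doc.get("packages", []):
        purl = next((r["referenceLocator"] for r in p.get("externalRefs", [])
                     if r.get("referenceType") == "purl"), None)
        key = purl or f"{p['name']}@{p.get('versionInfo', '')}"
        lic = p.get("licenseConcluded")
        # NOASSERTION / NONE mean "no conclusion", so treat them like a missing license.
        if lic in (None, "NOASSERTION", "NONE"):
            lic = None
        inventory[key] = {"name": p["name"], "version": p.get("versionInfo"), "license": lic}
    return inventory


def diff_inventories(a, b):
    """Components present in only one inventory, plus shared ones whose license differs."""
    shared = set(a) & set(b)
    return {
        "only_in_a": sorted(set(a) - set(b)),
        "only_in_b": sorted(set(b) - set(a)),
        "license_mismatch": sorted(k for k in shared if a[k]["license"] != b[k]["license"]),
    }


if __name__ == "__main__":
    result = diff_inventories(parse_cyclonedx(CYCLONEDX_JSON), parse_spdx(SPDX_JSON))
    for category, keys in result.items():
        print(f"{category}: {keys}")
```

Keying on package URLs rather than bare names is what makes output from two different tools comparable: the same dependency shows up under its ecosystem-qualified identity regardless of how each tool spells the name. The license check deliberately treats SPDX `NOASSERTION` as "unknown", so a tool that concluded a license and one that did not show up as a mismatch to investigate rather than as agreement.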
-
OPEN source alternative to whitesource
It depends on whether you are interested in both the license and security side of things. There are tools like ORT (https://github.com/oss-review-toolkit/ort) that are quite powerful but have a bit of a learning curve. I also know about initiatives like OpenChain and Double Open (https://github.com/doubleopen-project/doubleopen-publications/blob/master/publication.md#double-open-landscape-survey) that have information available.
- OSS Review Toolkit: analyze dependencies of a project, download them, scan them for licenses, security advisories, and much more
What are some alternatives?
gradle-license-plugin - Gradle plugin that provides a task to generate a HTML license report of your project.
scancode-toolkit - ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
ethereum-wallet-recovery - Multithreaded Ethereum wallet password recovery tool, based on pyethrecover and pyethereum. Uses a keystore v3 JSON file to help recover a lost password when you know some of the phrases, with both brute-force and wordlist techniques (start + end words, full ASCII or digits only).
renovate - Universal dependency automation tool.
NoHarm - Do No Harm software license - A license for using software for good
dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
licensed - ⚖️ ✔️ licensed is an interactive command line tool to help you choose and add licenses to your projects
barista - project barista - open source license and vulnerability management
LicensePlist - A license list generator of all your dependencies for iOS applications
sbom-tool - The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
fossology - FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.
tern - Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.