| | cyclonedx-gomod | go-mod-outdated |
|---|---|---|
| | 4 | 1 |
| Stars | 124 | 645 |
| Growth | 4.0% | - |
| Activity | 8.7 | 2.2 |
| | 3 days ago | about 1 year ago |
| Language | Go | Go |
| License | Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cyclonedx-gomod
- An Overview of Kubernetes Security Projects at KubeCon Europe 2023
  CycloneDx-gomod
- Go, SBOM and DependencyTrack
  I am aware of the cyclonedx-gomod project, but I imagine that if the go tool got native support for SBOM generation, it might also be able to provide information about vulnerable code that either is test-code only, or is not in use and does not affect a binary/module/package.
- CycloneDX SBom (Software Bill of material) Maven Demo
  CycloneDX is a software bill of material format supported by OWASP.
- Transparency and user agency as principles for distributing and consuming open source software packages
  A good way to illustrate the complexity of this today is parsing through the several thousand lines of Ansible code devoted to dealing with APT or DNF, or how basic operations such as listing Linux packages or Go modules are handled.
go-mod-outdated
- I wrote a tool to check available updates in go.mod
  https://github.com/oligot/go-mod-upgrade and https://github.com/psampaz/go-mod-outdated already do the job
What are some alternatives?
cyclonedx-gradle-plugin - Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
go-outdated
awesome-sbom - A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
gostatus - A command line tool that shows the status of Go repositories.
ostree - Operating system and container binary deployment and upgrades
goimports - [mirror] Go Tools
cyclonedx-maven-plugin - Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
go-cleanarch - Clean architecture validator for Go, like The Dependency Rule and interaction between packages in your Go projects.
sig-security - 🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
athens - A Go module datastore and proxy
mkosi - 💽 Build Bespoke OS Images
dupl - a tool for code clone detection