SBOM Quality Score VS in-toto-golang

Compare SBOM Quality Score vs in-toto-golang and see what are their differences.

SBOM Quality Score

SBOM quality score - Quality metrics for your sboms (by interlynk-io)
sbom vex software-supply-chain open-source Golang cyclonedx spdx sbom-examples sbom-tool Go sbom-quality sbom-score sbom-samples devsecops-pipeline security-tools supply-chain-security
Source Code
Docs
Suggest alternative
Edit details

in-toto-golang

A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity. (by in-toto)
zero-trust in-toto software-supply-chain Security
Source Code
in-toto.io
Suggest alternative
Edit details
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
SBOM Quality Score in-toto-golang
2 -
133 114
5.3% 0.0%
8.2 8.3
19 days ago 4 days ago
Go Go
Apache License 2.0 GNU General Public License v3.0 or later
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

SBOM Quality Score

Posts with mentions or reviews of SBOM Quality Score. We have used some of these posts to build our list of alternatives and similar projects.
  • How good is the sbom that was generated for your product.
    1 project | /r/devsecops | 16 Feb 2023
    Github: https://github.com/interlynk-io/sbomqs
  • sbomqs, an open source tools to quality check your SBOMS
    1 project | dev.to | 2 Feb 2023
    When putting together a previous post on how to use open source tools to create a software bill of materials (SBOM), Ritesh Noronha alerted me to another project, sbomqs that aims to simplify the evaluation of SBOM quality for both producers and consumers. A quality SBOM is one that is accurate, complete, and up-to-date. It should accurately reflect the components and dependencies used in the software application, including their version and optionally any known vulnerabilities. In addition, it should be easily accessible and understandable by stakeholders, such as developers, security teams, and compliance officers. I guess these are some of the heuristics used.

in-toto-golang

Posts with mentions or reviews of in-toto-golang. We have used some of these posts to build our list of alternatives and similar projects.

We haven't tracked posts mentioning in-toto-golang yet.
Tracking mentions began in Dec 2020.

What are some alternatives?

When comparing SBOM Quality Score and in-toto-golang you can also consider the following projects:

chain-bench - An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

cosign - Code signing and transparency for containers and binaries

zarf - DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/

spire - The SPIFFE Runtime Environment

kubeclarity - KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems

slsa-provenance-action - Github Action implementation of SLSA Provenance Generation

spiffe-vault - Integrates Spiffe and Vault to have secretless authentication

fosite - Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.

tfsec - Security scanner for your Terraform code

trasa - Zero Trust Service Access

tfsec - Security scanner for your Terraform code [Moved to: https://github.com/aquasecurity/tfsec]

community - in-toto is a framework to secure the software supply chain.

SBOM Quality Score vs chain-bench in-toto-golang vs cosign SBOM Quality Score vs zarf in-toto-golang vs spire SBOM Quality Score vs kubeclarity in-toto-golang vs slsa-provenance-action in-toto-golang vs spiffe-vault in-toto-golang vs fosite in-toto-golang vs tfsec in-toto-golang vs trasa in-toto-golang vs tfsec in-toto-golang vs community