tern
cdxgen
Our great sponsors
tern | cdxgen | |
---|---|---|
1 | 3 | |
932 | 448 | |
0.5% | 9.2% | |
3.2 | 9.5 | |
about 2 months ago | 4 days ago | |
Python | JavaScript | |
BSD 2-clause "Simplified" License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
tern
-
Learn by reading code: Python standard library design decisions explained
A project you may want to look into adding is Tern [0]. I've had a good time reading through the code over the past couple of weeks, and have found it to be at least not "bad" code, and pretty easy to understand.
Specifically how they are untarring each container layer and creating a chroot jail to run commands inside is fairly self-contained and interesting.
[0] https://github.com/tern-tools/tern
cdxgen
-
Show devsecops: OWASP dep-scan v5 - a next-generation security and risk audit tool for everyone
Today, it gives me great pleasure to announce OWASP dep-scan v5. Like everyone, I was constantly frustrated with the amount of false positives generated by all Software Composition Analysis tools (including mine) and wanted to do something. I worked closely with a few colleagues (Caroline, Tim, Saket, and David) for a year to build the various capabilities that together form depscan v5.
- cdxgen
-
A package pretending to be the roblox API removed from NPM
Check out CycloneDX and cdxgen. It creates a software bill of materials, similar to a package-lock.json, that hashes all your dependencies so that if there's any drift you can easily detect tampering.
What are some alternatives?
ort - A suite of tools to automate software compliance checks.
cyclonedx-gradle-plugin - Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
awesome-security-GRC - Curated list of resources for security Governance, Risk Management, Compliance and Audit professionals and enthusiasts (if they exist).
syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems
goodcode - A curated collection of annotated code examples from prominent open-source projects
kitematic - Visual Docker Container Management on Mac & Windows
spdx-spec - The SPDX specification in MarkDown and HTML formats.
Please-Contain-Yourself - A Docker tutorial written for people who don't actually know Docker already.
import-linter - Import Linter allows you to define and enforce rules for the internal and external imports within your Python project.
dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
spdx-license-matcher - A tool to match license text with SPDX license list using a an algorithm with finds close matches. It follows SPDX Matching guidelines to keep the substantial text as well as ignore the replaceable text for matching purposes.
oci-designer-toolkit - OCI designer toolKIT (OKIT) is a set of tools for enabling design, deploy and visualise OCI environments through a graphical web based interface.