Top 6 Go cyclonedx Projects

grype

56 7,649 9.5 Go

A vulnerability scanner for container images and filesystems

Project mention: Introduction to the Kubernetes ecosystem | dev.to | 2024-04-25

Trivy Operator : A simple and comprehensive vulnerability scanner for containers and other artifacts. It detects vulnerabilities of OS packages (Alpine, Debian, CentOS, etc.) and application dependencies (pip, npm, yarn, composer, etc.) (Alternatives : Grype, Snyk, Clair, Anchore, Twistlock)

syft

32 5,451 9.8 Go

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22

Syft is a popular open source CLI tool created by Anchore for generating an SBOM from container images and filesystems. It’s designed to provide a catalog of dependencies for other tools to use as a data source. It supports many popular programming languages, package managers, and container image formats.

InfluxDB

www.influxdata.com sponsored

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
bomber

4 453 7.1 Go

Scans Software Bill of Materials (SBOMs) for security vulnerabilities
chainloop

3 305 9.6 Go

Chainloop is an Open Source Metadata Vault for your Software Supply Chain metadata, SBOMs, VEX, SARIF files, QA reports, and more.

Project mention: Choosing the “old stuff” as plugin SDK for Go in 2023 | news.ycombinator.com | 2023-07-06

SBOM Quality Score

2 132 8.2 Go

SBOM quality score - Quality metrics for your sboms
parlay

1 93 8.1 Go

Enrich SBOMs with data from third party services

Project mention: Parlay | /r/devopspro | 2023-06-12

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).