Top 13 Go sbom Projects
- syft: CLI tool and library for generating a Software Bill of Materials from container images and filesystems
- kubeclarity: KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
- xeol: A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
- chainloop: Chainloop is an Open Source Metadata Vault for your Software Supply Chain metadata, SBOMs, VEX, SARIF files, QA reports, and more.
- vmclarity: VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities
- fatbom: fatbom (Fat Bill Of Materials) is a tool which combines the SBOMs generated by various tools into one fat SBOM, thus leveraging each tool's strength.
Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22
Syft is a popular open source CLI tool created by Anchore for generating an SBOM from container images and filesystems. It’s designed to provide a catalog of dependencies for other tools to use as a data source. It supports many popular programming languages, package managers, and container image formats.
Project mention: Building Secure Docker Images for Production - Best Practices | dev.to | 2023-06-30
In the following steps, we use a local Kubernetes cluster (such as kind) to test the image. With the cluster up and running, let's install some tooling to help us with image scanning. In this case, we're using KubeClarity. Follow the installation instructions in the README to install it into your development cluster.
Project mention: Choosing the “old stuff” as plugin SDK for Go in 2023 | news.ycombinator.com | 2023-07-06
Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22
CycloneDx-gomod
Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22
VMClarity works similarly, but within the context of VMs used by cloud services to host containers and clusters. Compared to containers, VMs may be as (or even more) vulnerable to threats and they typically need complex tools for analysis. Following a similar pattern to KubeClarity, VMClarity supports aggregating multiple tools into one UI and CLI.
Go sbom related posts
- Security starts before the production deployment
- How good is the sbom that was generated for your product.
- Go, SBOM and DependencyTrack
- 12 Things You Might Not Know About Buildpacks
- Bomber - Scans SBOMs for Vulnerabilities
- FatBOM: generates and merges SBOMs generated by various tools.
- bomber: Scans SBoMs for security vulnerabilities
Index
What are some of the best open-source sbom projects in Go? This list will help you:
Rank | Project | Stars |
---|---|---|
1 | syft | 5,451 |
2 | kubeclarity | 1,257 |
3 | zarf | 1,165 |
4 | bomber | 453 |
5 | xeol | 318 |
6 | chainloop | 305 |
7 | bom | 294 |
8 | sbom-operator | 179 |
9 | SBOM Quality Score | 132 |
10 | cyclonedx-gomod | 124 |
11 | parlay | 93 |
12 | vmclarity | 86 |
13 | fatbom | 32 |