Java sca Projects
-
dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
-
log4j-detector
A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Project mention: Show HN: Pre-alpha tool for analyzing spdx SBOMs generated by GitHub | news.ycombinator.com | 2024-04-21I've become interested in SBOM recently, and found there were great tools like https://dependencytrack.org/ for CycloneDX SBOMs, but all I have is SPDX SBOMs generated by GitHub.
I decided to have a go at writing my own dependency track esque tool aiming to integrate with the APIs GitHub provides.
It's pretty limited in functionality so far, but can give a high level summary of the types of licenses your repository dependencies use, and let you drill down into potentially problematic ones.
Written in NextJS + mui + sqlite, and using another project of mine to generate most of the API boilerplate/glue (https://github.com/mnahkies/openapi-code-generator)
Index
| Project | Stars | |
|---|---|---|
| 1 | dependency-track | 2,329 |
| 2 | log4j-detector | 631 |
Sponsored