Free tool for generating SBOM and CVEs against source or binaries

This page summarizes the projects mentioned and recommended in the original post on /r/cybersecurity.

  • trivy

    Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

  • I've done some work in this space but not specifically on source code. A tool you could try out is Trivy from AquaSecurity. The filesystem scan option might work and can output SBOMs (here's the doc page). Using Trivy for Docker images has worked quite well for me thus far, so hopefully you have some luck using their filesystem or git repository options!

  • osv.dev

    Open source vulnerability DB and triage service.

  • Have a look at https://security.googleblog.com/2022/12/announcing-osv-scanner-vulnerability.html. They have plans for C++: https://github.com/google/osv.dev/issues/783

  • syft

    CLI tool and library for generating a Software Bill of Materials from container images and filesystems

NOTE: The number of mentions on this list indicates mentions on common posts plus user-suggested alternatives. Hence, a higher number means a more popular project.


Related posts

  • General Docker Troubleshooting, Best Practices & Where to Go From Here

    3 projects | dev.to | 19 Jan 2024
  • Docker image vulnerabilities scanning trivy vs synk.io

    1 project | /r/docker | 30 Apr 2023
  • Docker image vulnerabilities scanning trivy vs synk.io

    1 project | /r/cybersecurity | 30 Apr 2023
  • Open source container scanning tool to find vulnerabilities and suggest best practice improvements?

    8 projects | /r/selfhosted | 15 Apr 2023
  • Vulnerability scanner written in Go that uses osv.dev data

    7 projects | news.ycombinator.com | 16 Dec 2022