
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
I've done some work in this space but not specifically on source code. A tool you could try out is Trivy from AquaSecurity. The filesystem scan option might work and can output SBOMs (here's the doc page). Using Trivy for Docker images has worked quite well for me thus far, so hopefully you have some luck using their filesystem or git repository options!
-
Have a look at https://security.googleblog.com/2022/12/announcing-osv-scanner-vulnerability.html; they have plans for C++: https://github.com/google/osv.dev/issues/783
-
syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Related posts
-
Day 25: Container Security with Trivy - My 90 Days of DevOps Journey
-
Enhancing Kubernetes Security with Trivy : Day 15 of 50 days DevOps Tools Series
-
General Docker Troubleshooting, Best Practices & Where to Go From Here
-
Docker image vulnerabilities scanning trivy vs synk.io