Show HN: Pre-alpha tool for analyzing spdx SBOMs generated by GitHub

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Owasp OpenAPI Appsec openapi-generator Security

SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
surveyjs.io
featured
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured

  • spdx-dependency-track

    A simple application to crawl your Github repositories, export SBOM's in SPDX format, and ingest these for licensing analysis.

  • dependency-track

    Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

    • I've become interested in SBOM recently, and found there were great tools like https://dependencytrack.org/ for CycloneDX SBOMs, but all I have is SPDX SBOMs generated by GitHub.

    I decided to have a go at writing my own dependency track esque tool aiming to integrate with the APIs GitHub provides.

    It's pretty limited in functionality so far, but can give a high level summary of the types of licenses your repository dependencies use, and let you drill down into potentially problematic ones.

    Written in NextJS + mui + sqlite, and using another project of mine to generate most of the API boilerplate/glue (https://github.com/mnahkies/openapi-code-generator)

  • SurveyJS

    Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

    SurveyJS logo

  • openapi-code-generator

    A code generation tool for openapi 3 / 3.1 specifications written in typescript, primarily aimed at generating typescript clients and server stubs. Other target languages may be added in future.

    • I've become interested in SBOM recently, and found there were great tools like https://dependencytrack.org/ for CycloneDX SBOMs, but all I have is SPDX SBOMs generated by GitHub.

    I decided to have a go at writing my own dependency track esque tool aiming to integrate with the APIs GitHub provides.

    It's pretty limited in functionality so far, but can give a high level summary of the types of licenses your repository dependencies use, and let you drill down into potentially problematic ones.

    Written in NextJS + mui + sqlite, and using another project of mine to generate most of the API boilerplate/glue (https://github.com/mnahkies/openapi-code-generator)

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • SQL Injection Isn't Dead Yet

    2 projects | dev.to | 15 Apr 2024

  • Dependency-Track

    1 project | news.ycombinator.com | 27 Oct 2023

  • OpenAPI - API documentation standard - Boon for the software engineers

    2 projects | dev.to | 4 Feb 2023

  • Is there any news about 64 bit Steam?

    1 project | /r/linux_gaming | 26 Nov 2022

  • The SBOM Frenzy Is Premature

    1 project | news.ycombinator.com | 5 Oct 2022