bomber - a vulnerability scanner for SBOMs

This page summarizes the projects mentioned and recommended in the original post on /r/netsec

  • bomber

    Scans Software Bill of Materials (SBOMs) for security vulnerabilities

  • osv.dev

    Open source vulnerability DB and triage service.

  • npm audit will report packages that have known vulnerabilities reported here: https://osv.dev/. Bomber uses Snyk’s OSS index so it will report a subset of the results of what Snyk would. The fact that bomber is written in Go and Snyk’s CLI is in JS probably means scanning for dependencies will be faster, but I haven’t actually benchmarked that.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
