The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →
Top 9 sbom-generator Open-Source Projects
-
Retire.js
scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
sbom-tool
The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
-
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
-
awesome-sbom
A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
-
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
-
Retire.js
As others have already commented:
The US government has added SBOMs to a proposed rule to update the Federal Acquisition Regulation. So if you want to sell to the US Government you'll have to provide SBOMs: https://www.federalregister.gov/documents/2023/10/03/2023-21...
Lots of large companies require SBOMs from their supplier.
In the EU we will get the Cyber Resilience Act which will make them mandatory as well in certain cases: https://data.consilium.europa.eu/doc/document/ST-12536-2023-...
And yes, there's bascially two technical standards to provide them: SPDX and CycloneDX: https://cyclonedx.org/
Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22CycloneDx-gomod
Project mention: Wolfi: A community Linux OS designed for the container and cloud-native era | news.ycombinator.com | 2023-06-27I'm not sure what you mean by "non-trivial" but here's a simple discord bot I wrote in python, that I distribute as an OCI image and that is built with Nix for both x86_64 and aarch64 linux via GitHub actions: https://github.com/starcraft66/attention-attention
There is no SBOM because I didn't bother publishing one but the way Nix builds derivations, you basically get the SBOM for free. You could use a tool like sbomnix[1] to trivially generate an SPDX-format SBOM from the nix derivation that builds the container image.
1: https://github.com/tiiuae/sbomnix
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
sbom-generator related posts
- An Intro to SBOMs
- Do you SecDevOps?
- SBOM management
- Renovate, a Dependabot alternative
- SBOM Tool
- sbom-tool: The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
- sbom-tool: The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
-
A note from our sponsor - WorkOS
workos.com | 26 Apr 2024
Index
What are some of the best open-source sbom-generator projects? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | Retire.js | 3,508 |
| 2 | ort | 1,475 |
| 3 | sbom-tool | 1,438 |
| 4 | lunasec | 1,406 |
| 5 | awesome-sbom | 416 |
| 6 | cyclonedx-maven-plugin | 273 |
| 7 | cyclonedx-gradle-plugin | 138 |
| 8 | cyclonedx-gomod | 124 |
| 9 | sbomnix | 97 |
Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com