The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.
A suite of utilities to help with software supply chain challenges on nix targets
Utility that provides an API platform for validating, querying and managing BOM data
The model for the information captured in SPDX version 3 standard.
Vulnerability management tool that provides Yocto SBOM generation and CVE Analysis of target images.
Vulnerability management tool that provides OpenWRT SBOM generation and CVE Analysis of target images.
Vulnerability management tool that provides Buildroot SBOM generation and CVE Analysis of target images.
Detect Licenses, dependencies by scanning your project/repositories to discover the Open Source and Third party packages used in your code.
A library and CLI to work with CSAF and SBOM data
Use SBOM metadata to validate release integrity.
SBOM Parsing For Humans
Copyright and License management solutions
AI BOM example. A simple sentiment analysis application, published solely as an artifact for the purpose of demonstrating a software bill of materials. Not recommended for critical text classification tasks.
Command line tool and python package for interacting with Timesys Vigiles APIs
📓 A python CLI tool to extract a software bill of materials and license info from a vcpkg manifest.
Add a description, image, and links to the spdx-sbom topic page so that developers can more easily learn about it.
To associate your repository with the spdx-sbom topic, visit your repo's landing page and select "manage topics."