software-composition-analysis

ERROR: failed to run post-scan plugin: summary-by-facet:
Traceback (most recent call last):
  File "/home/ayansm/Desktop/GSoD/scancode-toolkit-versions/scancode-toolkit-3.1.1/src/scancode/cli.py", lin

bug good first issue summaries

Open

Error in `filter-clues` Plugin

Open

Add support for electron ASAR archives

Find more good first issues →

DependencyTrack / dependency-track

Star

Dependency-Track is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.

Updated Sep 29, 2020
Java

albuch / sbt-dependency-check

Star

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

security scala sbt static-analysis owasp sbt-plugin vulnerabilities cve appsec nvd software-security owasp-dependencycheck vulnerability-scanners software-composition-analysis

Updated Sep 18, 2020
Scala

stevespringett / nist-data-mirror

Star

A simple Java command-line utility to mirror the CVE JSON data from NIST.

java nist cve cpe appsec nvd sca software-security software-composition-analysis

Updated Sep 21, 2020
Java

jhermann / dependency-check-py

Star

🔐 Shim to easily install OWASP dependency-check-cli into Python projects

python security security-audit dependency-analysis owasp cli-utility vulnerability-detection software-supply-chain cve-scanning software-composition-analysis

Updated Sep 29, 2020
Python

ozonru / dtrack-audit

Star

OWASP Dependency Track API client for intergration into CI/CD pipeline

security component-analysis security-tools software-composition-analysis

Updated Jan 20, 2020
Go

stevespringett / vulndb-data-mirror

Star

A simple Java command-line utility to mirror the entire contents of VulnDB.

java vulndb cve appsec sca software-security software-composition-analysis

Updated Sep 28, 2020
Java

nexB / scancode.io

Star

ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. First application is for Docker container and VM composition analysis.

docker open-source virtual-machine license sca scancode software-composition-analysis

Updated Sep 25, 2020
Python

ozonru / cyclonedx-go

Star

Creates CycloneDX Software Bill-of-Materials (SBOM) from Go projects. So you can use it with DependencyTrack to monitor security issues in 3rd party modules.

security bom component-analysis security-tools software-composition-analysis bill-of-materials sbom cyclonedx