software-composition-analysis topic
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTra...
scancode.io
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabas...
awesome-sca
A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools, and tutorials.
awesome-software-supply-chain-security
A compilation of resources in the software supply chain security domain, with emphasis on open source
actions-exposure
A GitHub Action that scans your public web applications after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure an...
dependency-track-maven-plugin
Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.
OpossumUI
A light-weight app to audit and inventory large codebases for open source license compliance.
actions-code
A GitHub Action for using SecureStack to analyse a repository codebase for vulnerabilities in library dependencies (software composition analysis).
dependency-check-py
:closed_lock_with_key: Shim to easily install OWASP dependency-check-cli into Python projects
dtrack-audit
OWASP Dependency Track API client for integration into CI/CD pipeline