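<!-- Page header: logo and text link back to the project repository.
     A styled div replaces the obsolete <center> element, and the
     paragraph is closed explicitly instead of relying on implied end tags. -->
<div style="text-align:center;">
<a href="https://github.com/SoftwareDesignLab/sbom_tools"><img src="resources/git.jpg" alt="Back to the GitHub Repo" style="width:100px;height:100px;"></a>
<p>
<a href="https://github.com/SoftwareDesignLab/sbom_tools">Back to the GitHub Repo</a>
</p>
</div>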
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"><link type="text/css" rel="stylesheet" href="resources/sheet.css" >
<style type="text/css">.ritz .waffle a { color: inherit; }.ritz .waffle .s5{background-color:#ffffff;text-align:left;font-weight:bold;color:#000000;font-family:'Arial';font-size:9pt;vertical-align:middle;white-space:normal;overflow:hidden;word-wrap:break-word;direction:ltr;padding:2px 3px 2px 3px;}.ritz .waffle .s4{background-color:#ffffff;text-align:left;text-decoration:underline;-webkit-text-decoration-skip:none;text-decoration-skip-ink:none;color:#000000;font-family:'docs-Calibri',Arial;font-size:11pt;vertical-align:bottom;white-space:normal;overflow:hidden;word-wrap:break-word;direction:ltr;padding:2px 3px 2px 3px;}.ritz .waffle .s8{background-color:#ffffff;text-align:left;text-decoration:underline;-webkit-text-decoration-skip:none;text-decoration-skip-ink:none;color:#1155cc;font-family:'Arial';font-size:9pt;vertical-align:middle;white-space:normal;overflow:hidden;word-wrap:break-word;direction:ltr;padding:2px 3px 2px 3px;}.ritz .waffle .s6{background-color:#ffffff;text-align:left;color:#000000;font-family:'Arial';font-size:9pt;vertical-align:middle;white-space:normal;overflow:hidden;word-wrap:break-word;direction:ltr;padding:2px 3px 2px 3px;}.ritz .waffle .s0{background-color:#efefef;text-align:left;font-weight:bold;color:#000000;font-family:'docs-Calibri',Arial;font-size:13pt;vertical-align:bottom;white-space:normal;overflow:hidden;word-wrap:break-word;direction:ltr;padding:2px 3px 2px 3px;}.ritz .waffle .s1{background-color:#f3f3f3;text-align:left;font-weight:bold;color:#000000;font-family:'docs-Calibri',Arial;font-size:11pt;vertical-align:bottom;white-space:normal;overflow:hidden;word-wrap:break-word;direction:ltr;padding:2px 3px 2px 3px;}.ritz .waffle .s3{background-color:#ffffff;text-align:right;color:#000000;font-family:'docs-Calibri',Arial;font-size:11pt;vertical-align:bottom;white-space:normal;overflow:hidden;word-wrap:break-word;direction:ltr;padding:2px 3px 2px 3px;}.ritz .waffle 
.s2{background-color:#ffffff;text-align:left;color:#000000;font-family:'docs-Calibri',Arial;font-size:11pt;vertical-align:bottom;white-space:normal;overflow:hidden;word-wrap:break-word;direction:ltr;padding:2px 3px 2px 3px;}.ritz .waffle .s7{background-color:#ffffff;text-align:left;text-decoration:underline;-webkit-text-decoration-skip:none;text-decoration-skip-ink:none;color:#000000;font-family:'Arial';font-size:9pt;vertical-align:middle;white-space:normal;overflow:hidden;word-wrap:break-word;direction:ltr;padding:2px 3px 2px 3px;}</style><div class="ritz grid-container" dir="ltr"><table class="waffle" cellspacing="0" cellpadding="0"><thead><tr><th class="row-header freezebar-vertical-handle"></th><th id="0C0" style="width:133px;" class="column-headers-background">A</th><th id="0C1" style="width:91px;" class="column-headers-background">B</th><th id="0C2" style="width:101px;" class="column-headers-background">C</th><th id="0C3" style="width:91px;" class="column-headers-background">D</th><th id="0C4" style="width:72px;" class="column-headers-background">E</th><th id="0C5" style="width:112px;" class="column-headers-background">F</th><th id="0C6" style="width:115px;" class="column-headers-background">G</th><th id="0C7" style="width:471px;" class="column-headers-background">H</th><th id="0C8" style="width:196px;" class="column-headers-background">I</th><th id="0C9" style="width:271px;" class="column-headers-background">J</th></tr></thead><tbody><tr style="height: 20px"><th id="0R0" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">1</div></th><td class="s0" dir="ltr">Tool Name</td><td class="s0" dir="ltr">Vendor</td><td class="s0" dir="ltr">What It Does?</td><td class="s0" dir="ltr">Tags</td><td class="s0" dir="ltr">Is Public</td><td class="s0" dir="ltr">Is Library</td><td class="s0" dir="ltr">Cyclonedx Compatible</td><td class="s0" dir="ltr">Description</td><td class="s0" dir="ltr">Repo URL</td><td 
class="s0" dir="ltr">Web URL</td></tr><tr><th style="height:3px;" class="freezebar-cell freezebar-horizontal-handle"></th><td class="freezebar-cell"></td><td class="freezebar-cell"></td><td class="freezebar-cell"></td><td class="freezebar-cell"></td><td class="freezebar-cell"></td><td class="freezebar-cell"></td><td class="freezebar-cell"></td><td class="freezebar-cell"></td><td class="freezebar-cell"></td><td class="freezebar-cell"></td></tr><tr style="height: 20px"><th id="0R1" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">2</div></th><td class="s1" dir="ltr">CycloneDX Core for Java</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2"></td><td class="s2" dir="ltr">library</td><td class="s3" dir="ltr">1</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2" dir="ltr">Library which facilitates the creation of SBOMs from Java objects parsing of existing SBOMs into an object model and validation of SBOMs</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-core-java">https://github.com/CycloneDX/cyclonedx-core-java</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-core-java">https://github.com/CycloneDX/cyclonedx-core-java</a></td></tr><tr style="height: 20px"><th id="0R2" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">3</div></th><td class="s1" dir="ltr">CycloneDX for .NET</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-dotnet">https://github.com/CycloneDX/cyclonedx-dotnet</a></td><td 
class="s4" dir="ltr"><a target="_blank" href="https://www.nuget.org/packages/CycloneDX/">https://www.nuget.org/packages/CycloneDX/</a></td></tr><tr style="height: 20px"><th id="0R3" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">4</div></th><td class="s1" dir="ltr">CycloneDX Libraries for .NET</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2"></td><td class="s2" dir="ltr">library</td><td class="s3" dir="ltr">1</td><td class="s3" dir="ltr">1</td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">.NET libraries to consume and produce CycloneDX Software Bill of Materials (SBOM)</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-dotnet-library">https://github.com/CycloneDX/cyclonedx-dotnet-library</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://www.nuget.org/profiles/CycloneDX">https://www.nuget.org/profiles/CycloneDX</a></td></tr><tr style="height: 20px"><th id="0R4" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">5</div></th><td class="s1" dir="ltr">CycloneDX for NPM</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">library</td><td class="s3" dir="ltr">1</td><td class="s3" dir="ltr">1</td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs for Node.js (NPM) projects. 
This package also doubles as a library which facilitates the creation of SBOMs from Javascript objects.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-node-module">https://github.com/CycloneDX/cyclonedx-node-module</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://www.npmjs.com/package/@cyclonedx/bom">https://www.npmjs.com/package/@cyclonedx/bom</a></td></tr><tr style="height: 20px"><th id="0R5" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">6</div></th><td class="s1" dir="ltr">CycloneDX for Webpack</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs for frontend Javascript applications that have been bundled with webpack.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-webpack-plugin">https://github.com/CycloneDX/cyclonedx-webpack-plugin</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-webpack-plugin">https://github.com/CycloneDX/cyclonedx-webpack-plugin</a></td></tr><tr style="height: 20px"><th id="0R6" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">7</div></th><td class="s1" dir="ltr">CycloneDX for Maven</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs for Java (Maven) projects</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-maven-plugin">https://github.com/CycloneDX/cyclonedx-maven-plugin</a></td><td class="s4" 
dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-maven-plugin">https://github.com/CycloneDX/cyclonedx-maven-plugin</a></td></tr><tr style="height: 20px"><th id="0R7" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">8</div></th><td class="s1" dir="ltr">CycloneDX library for Go</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2"></td><td class="s2" dir="ltr">library</td><td class="s3" dir="ltr">1</td><td class="s3" dir="ltr">1</td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Go library to consume and produce CycloneDX Software Bill of Materials (SBOM)</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-go">https://github.com/CycloneDX/cyclonedx-go</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-go">https://github.com/CycloneDX/cyclonedx-go</a></td></tr><tr style="height: 20px"><th id="0R8" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">9</div></th><td class="s1" dir="ltr">CycloneDX for Go modules</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX Software Bill of Materials (SBOM) from Go modules</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-gomod">https://github.com/CycloneDX/cyclonedx-gomod</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-gomod">https://github.com/CycloneDX/cyclonedx-gomod</a></td></tr><tr style="height: 20px"><th id="0R9" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">10</div></th><td class="s1" dir="ltr">CycloneDX for Gradle</td><td 
class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs for Java (Gradle) projects</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-gradle-plugin">https://github.com/CycloneDX/cyclonedx-gradle-plugin</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://plugins.gradle.org/plugin/org.cyclonedx.bom">https://plugins.gradle.org/plugin/org.cyclonedx.bom</a></td></tr><tr style="height: 20px"><th id="0R10" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">11</div></th><td class="s1" dir="ltr">CycloneDX for PHP Composer</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs for PHP Composer projects</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-php-composer">https://github.com/CycloneDX/cyclonedx-php-composer</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://packagist.org/packages/cyclonedx/cyclonedx-php-composer">https://packagist.org/packages/cyclonedx/cyclonedx-php-composer</a></td></tr><tr style="height: 20px"><th id="0R11" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">12</div></th><td class="s1" dir="ltr">CycloneDX PHP Library</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2"></td><td class="s2" dir="ltr">library</td><td class="s3" dir="ltr">1</td><td class="s3" dir="ltr">1</td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Work with CycloneDX data format in PHP</td><td class="s4" dir="ltr"><a target="_blank" 
href="https://github.com/CycloneDX/cyclonedx-php-library">https://github.com/CycloneDX/cyclonedx-php-library</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://packagist.org/packages/cyclonedx/cyclonedx-library">https://packagist.org/packages/cyclonedx/cyclonedx-library</a></td></tr><tr style="height: 20px"><th id="0R12" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">13</div></th><td class="s1" dir="ltr">CycloneDX for Python</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs for Python projects</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-python">https://github.com/CycloneDX/cyclonedx-python</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://pypi.org/project/cyclonedx-bom/">https://pypi.org/project/cyclonedx-bom/</a></td></tr><tr style="height: 20px"><th id="0R13" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">14</div></th><td class="s1" dir="ltr">CycloneDX Python Library</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">library</td><td class="s3" dir="ltr">1</td><td class="s3" dir="ltr">1</td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Python Library for generating CycloneDX SBOMs</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-python-lib">https://github.com/CycloneDX/cyclonedx-python-lib</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://pypi.org/project/cyclonedx-python-lib/">https://pypi.org/project/cyclonedx-python-lib/</a></td></tr><tr style="height: 20px"><th id="0R14" style="height: 20px;" 
class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">15</div></th><td class="s1" dir="ltr">CycloneDX for Ruby Gems</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs for Ruby projects</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-ruby-gem">https://github.com/CycloneDX/cyclonedx-ruby-gem</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://rubygems.org/gems/cyclonedx-ruby">https://rubygems.org/gems/cyclonedx-ruby</a></td></tr><tr style="height: 20px"><th id="0R15" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">16</div></th><td class="s1" dir="ltr">CycloneDX for Rust Cargo</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs for Rust Cargo projects</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-rust-cargo">https://github.com/CycloneDX/cyclonedx-rust-cargo</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://crates.io/crates/cyclonedx-bom">https://crates.io/crates/cyclonedx-bom</a></td></tr><tr style="height: 20px"><th id="0R16" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">17</div></th><td class="s1" dir="ltr">CycloneDX for SBT (Scala)</td><td class="s2" dir="ltr">Fabrizio Di Giuseppe</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" 
dir="ltr">Creates CycloneDX SBOMs for SBT (Scala) projects</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/siculo/sbt-bom">https://github.com/siculo/sbt-bom</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/siculo/sbt-bom">https://github.com/siculo/sbt-bom</a></td></tr><tr style="height: 20px"><th id="0R17" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">18</div></th><td class="s1" dir="ltr">CycloneDX for Erlang/Elixir (Mix)</td><td class="s2" dir="ltr">Bram Verburg</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs for Mix projects</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/voltone/sbom">https://github.com/voltone/sbom</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://hex.pm/packages/sbom">https://hex.pm/packages/sbom</a></td></tr><tr style="height: 20px"><th id="0R18" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">19</div></th><td class="s1" dir="ltr">CycloneDX for Erlang/Elixir (Rebar3)</td><td class="s2" dir="ltr">Bram Verburg</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs for Rebar3 projects</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/voltone/rebar3_sbom">https://github.com/voltone/rebar3_sbom</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://hex.pm/packages/rebar3_sbom">https://hex.pm/packages/rebar3_sbom</a></td></tr><tr style="height: 20px"><th id="0R19" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" 
style="line-height: 20px">20</div></th><td class="s1" dir="ltr">CycloneDX for Go</td><td class="s2" dir="ltr">OZON</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs for Go projects</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/ozonru/cyclonedx-go">https://github.com/ozonru/cyclonedx-go</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/ozonru/cyclonedx-go">https://github.com/ozonru/cyclonedx-go</a></td></tr><tr style="height: 20px"><th id="0R20" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">21</div></th><td class="s1" dir="ltr">CycloneDX for Bower</td><td class="s2" dir="ltr">Hans Thorhauge Dam</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs for Javascript projects using Bower</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/hanstdam/cdx-bower-bom">https://github.com/hanstdam/cdx-bower-bom</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://www.npmjs.com/package/cdx-bower-bom">https://www.npmjs.com/package/cdx-bower-bom</a></td></tr><tr style="height: 20px"><th id="0R21" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">22</div></th><td class="s1" dir="ltr">cdxgen</td><td class="s2" dir="ltr">AppThreat</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX Software Bill of Materials (SBOM) for Node.js Java Python and golang projects</td><td 
class="s4" dir="ltr"><a target="_blank" href="https://github.com/AppThreat/cdxgen">https://github.com/AppThreat/cdxgen</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/AppThreat/cdxgen">https://github.com/AppThreat/cdxgen</a></td></tr><tr style="height: 20px"><th id="0R22" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">23</div></th><td class="s1" dir="ltr">CycloneDX-Buildroot</td><td class="s2" dir="ltr">alvinchchen</td><td class="s2"></td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">The CycloneDX-buildroot module for Python creates a valid CycloneDX bill of materials from buildroot manifest.xlsx files</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/alvinchchen/cyclonedx-buildroot">https://github.com/alvinchchen/cyclonedx-buildroot</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/alvinchchen/cyclonedx-buildroot">https://github.com/alvinchchen/cyclonedx-buildroot</a></td></tr><tr style="height: 20px"><th id="0R23" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">24</div></th><td class="s1" dir="ltr">Eclipse SW360 Antenna</td><td class="s2" dir="ltr">Eclipse</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs from Maven projects</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/eclipse/antenna">https://github.com/eclipse/antenna</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://www.eclipse.org/antenna">https://www.eclipse.org/antenna</a></td></tr><tr style="height: 20px"><th id="0R24" style="height: 20px;" class="row-headers-background"><div 
class="row-header-wrapper" style="line-height: 20px">25</div></th><td class="s1" dir="ltr">CycloneDX Node.js Generate SBOM</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">github-action</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs from Node.js (NPM) projects via GitHub action</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/gh-node-module-generatebom">https://github.com/CycloneDX/gh-node-module-generatebom</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/marketplace/actions/cyclonedx-node-js-generate-sbom">https://github.com/marketplace/actions/cyclonedx-node-js-generate-sbom</a></td></tr><tr style="height: 20px"><th id="0R25" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">26</div></th><td class="s1" dir="ltr">CycloneDX .NET Generate SBOM</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">github-action</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs from .NET projects via GitHub action</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/gh-dotnet-generate-sbom">https://github.com/CycloneDX/gh-dotnet-generate-sbom</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/marketplace/actions/cyclonedx-net-generate-sbom">https://github.com/marketplace/actions/cyclonedx-net-generate-sbom</a></td></tr><tr style="height: 20px"><th id="0R26" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">27</div></th><td class="s1" dir="ltr">CycloneDX PHP Composer Generate SBOM</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr">Generate 
SBoM</td><td class="s2" dir="ltr">github-action</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs from PHP Composer projects via GitHub action</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/gh-php-composer-generate-sbom">https://github.com/CycloneDX/gh-php-composer-generate-sbom</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/marketplace/actions/cyclonedx-php-composer-generate-sbom">https://github.com/marketplace/actions/cyclonedx-php-composer-generate-sbom</a></td></tr><tr style="height: 20px"><th id="0R27" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">28</div></th><td class="s1" dir="ltr">CycloneDX Python Generate SBOM</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">github-action</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs from Python projects via GitHub action</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/gh-python-generate-sbom">https://github.com/CycloneDX/gh-python-generate-sbom</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/marketplace/actions/cyclonedx-python-generate-sbom">https://github.com/marketplace/actions/cyclonedx-python-generate-sbom</a></td></tr><tr style="height: 20px"><th id="0R28" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">29</div></th><td class="s1" dir="ltr">Generate SBoM for Elixir project</td><td class="s2" dir="ltr">Red Shirts</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">github-action</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs 
from Erlang/Elixir Mix projects via GitHub action</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/red-shirts/action-mix-sbom">https://github.com/red-shirts/action-mix-sbom</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/marketplace/actions/generate-sbom-for-elixir-project">https://github.com/marketplace/actions/generate-sbom-for-elixir-project</a></td></tr><tr style="height: 20px"><th id="0R29" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">30</div></th><td class="s1" dir="ltr">cdxgen</td><td class="s2" dir="ltr">AppThreat</td><td class="s2"></td><td class="s2" dir="ltr">github-action</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">GitHub action for CycloneDX BOM generator (cdxgen). The BOM XML file produced by cdxgen can be uploaded to Dependency-Track, AppThreat, and other commercial Software Composition Analysis (SCA) products</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/AppThreat/cdxgen-action">https://github.com/AppThreat/cdxgen-action</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/marketplace/actions/cdxgen">https://github.com/marketplace/actions/cdxgen</a></td></tr><tr style="height: 20px"><th id="0R30" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">31</div></th><td class="s1" dir="ltr">OpenSource Review Toolkit (ORT)</td><td class="s2" dir="ltr">HERE Europe B.V.</td><td class="s2"></td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">A suite of tools to assist with reviewing open source software dependencies.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/oss-review-toolkit/ort">https://github.com/oss-review-toolkit/ort</a></td><td class="s4" 
dir="ltr"><a target="_blank" href="http://oss-review-toolkit.org/">http://oss-review-toolkit.org/</a></td></tr><tr style="height: 20px"><th id="0R31" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">32</div></th><td class="s1" dir="ltr">Retire.js</td><td class="s2" dir="ltr">RetireJS</td><td class="s2"></td><td class="s2" dir="ltr">opensource</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">Scanner that detects the use of JavaScript libraries with known vulnerabilities</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/RetireJS/retire.js">https://github.com/RetireJS/retire.js</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://retirejs.github.io/retire.js">https://retirejs.github.io/retire.js</a></td></tr><tr style="height: 20px"><th id="0R32" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">33</div></th><td class="s1" dir="ltr">Dependency-Track</td><td class="s2" dir="ltr">OWASP</td><td class="s2"></td><td class="s2" dir="ltr">analysis</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/DependencyTrack/dependency-track">https://github.com/DependencyTrack/dependency-track</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://dependencytrack.org/">https://dependencytrack.org/</a></td></tr><tr style="height: 20px"><th id="0R33" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">34</div></th><td class="s1" dir="ltr">Dependency-Track Jenkins Plugin</td><td class="s2" dir="ltr">OWASP</td><td class="s2" dir="ltr">Publish 
SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">Publishes SBOMs to Dependency-Track for per-build analysis result visualization and configurable risk thresholds</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/jenkinsci/dependency-track-plugin">https://github.com/jenkinsci/dependency-track-plugin</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://plugins.jenkins.io/dependency-track">https://plugins.jenkins.io/dependency-track</a></td></tr><tr style="height: 20px"><th id="0R34" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">35</div></th><td class="s1" dir="ltr">dtrack-audit</td><td class="s2" dir="ltr">OZON</td><td class="s2" dir="ltr">Publish SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">Publishes SBOMs to Dependency-Track for analysis and displays visualization from the command-line</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/ozonru/dtrack-audit">https://github.com/ozonru/dtrack-audit</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/ozonru/dtrack-audit">https://github.com/ozonru/dtrack-audit</a></td></tr><tr style="height: 20px"><th id="0R35" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">36</div></th><td class="s1" dir="ltr">ShiftLeft Scan</td><td class="s2" dir="ltr">ShiftLeft</td><td class="s2"></td><td class="s2" dir="ltr">analysis</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">An open-source security tool for modern DevSecOps teams that can detect various kinds of security flaws in your application and infrastructure code in a single fast scan</td><td class="s4" dir="ltr"><a 
target="_blank" href="https://github.com/ShiftLeftSecurity/sast-scan">https://github.com/ShiftLeftSecurity/sast-scan</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://www.shiftleft.io/scan/">https://www.shiftleft.io/scan/</a></td></tr><tr style="height: 20px"><th id="0R36" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">37</div></th><td class="s1" dir="ltr">SCANOSS</td><td class="s2" dir="ltr">SCANOSS</td><td class="s2"></td><td class="s2" dir="ltr">analysis</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">An open source inventory engine built for modern development teams</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/scanoss">https://github.com/scanoss</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://www.scanoss.co.uk/">https://www.scanoss.co.uk/</a></td></tr><tr style="height: 20px"><th id="0R37" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">38</div></th><td class="s1" dir="ltr">oss_inventory</td><td class="s2" dir="ltr">Thiago Pinto</td><td class="s2"></td><td class="s2" dir="ltr">analysis</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Import CycloneDX BOMs and see OSS statistics</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/thspinto/oss_inventory">https://github.com/thspinto/oss_inventory</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/thspinto/oss_inventory">https://github.com/thspinto/oss_inventory</a></td></tr><tr style="height: 20px"><th id="0R38" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">39</div></th><td class="s1" dir="ltr">Auditjs</td><td class="s2" dir="ltr">Sonatype</td><td class="s2" dir="ltr">Find Vuln</td><td class="s2" 
dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">Audits an NPM package.json file to identify known vulnerabilities</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/sonatype-nexus-community/auditjs">https://github.com/sonatype-nexus-community/auditjs</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/sonatype-nexus-community/auditjs">https://github.com/sonatype-nexus-community/auditjs</a></td></tr><tr style="height: 20px"><th id="0R39" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">40</div></th><td class="s1" dir="ltr">Chelsea</td><td class="s2" dir="ltr">Sonatype</td><td class="s2"></td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">Dependency vulnerability auditor for Ruby</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/sonatype-nexus-community/chelsea">https://github.com/sonatype-nexus-community/chelsea</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/sonatype-nexus-community/chelsea">https://github.com/sonatype-nexus-community/chelsea</a></td></tr><tr style="height: 20px"><th id="0R40" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">41</div></th><td class="s1" dir="ltr">Jake</td><td class="s2" dir="ltr">Sonatype</td><td class="s2"></td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">An OSS Index integration to check your Conda environments for vulnerable Open Source packages</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/sonatype-nexus-community/jake">https://github.com/sonatype-nexus-community/jake</a></td><td class="s4" dir="ltr"><a 
target="_blank" href="https://github.com/sonatype-nexus-community/jake">https://github.com/sonatype-nexus-community/jake</a></td></tr><tr style="height: 20px"><th id="0R41" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">42</div></th><td class="s1" dir="ltr">Nancy</td><td class="s2" dir="ltr">Sonatype</td><td class="s2"></td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">A tool to check for vulnerabilities in your Golang dependencies powered by Sonatype OSS Index</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/sonatype-nexus-community/nancy">https://github.com/sonatype-nexus-community/nancy</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/sonatype-nexus-community/nancy">https://github.com/sonatype-nexus-community/nancy</a></td></tr><tr style="height: 20px"><th id="0R42" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">43</div></th><td class="s1" dir="ltr">Go Sonatypes</td><td class="s2" dir="ltr">Sonatype</td><td class="s2"></td><td class="s2" dir="ltr">library</td><td class="s3" dir="ltr">1</td><td class="s3" dir="ltr">1</td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Common utility packages for working with OSS Index, Nexus IQ Server, CycloneDX SBOMs, or getting a user-agent</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/sonatype-nexus-community/go-sona-types">https://github.com/sonatype-nexus-community/go-sona-types</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/sonatype-nexus-community/go-sona-types">https://github.com/sonatype-nexus-community/go-sona-types</a></td></tr><tr style="height: 20px"><th id="0R43" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 
20px">44</div></th><td class="s1" dir="ltr">Valaa Stack</td><td class="s2" dir="ltr">Valaa Technologies</td><td class="s2"></td><td class="s2" dir="ltr">opensource</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">SBoMDoc is a VDoc extension which uses CycloneDX namespaces and can emit BOM documents in various formats</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/valaatech/kernel">https://github.com/valaatech/kernel</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://valospace.org/">https://valospace.org/</a></td></tr><tr style="height: 20px"><th id="0R44" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">45</div></th><td class="s1" dir="ltr">Nexus IQ</td><td class="s2" dir="ltr">Sonatype</td><td class="s2"></td><td class="s2" dir="ltr">analysis</td><td class="s2"></td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Software Composition Analysis (SCA) platform that can consume, analyze, and produce CycloneDX SBOMs</td><td class="s2"></td><td class="s4" dir="ltr"><a target="_blank" href="https://www.sonatype.com/product-nexus-lifecycle">https://www.sonatype.com/product-nexus-lifecycle</a></td></tr><tr style="height: 20px"><th id="0R45" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">46</div></th><td class="s1" dir="ltr">Nexus Lifecycle Jenkins Plugin</td><td class="s2" dir="ltr">Sonatype</td><td class="s2" dir="ltr">Publish SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Publishes CycloneDX SBOMs to Nexus IQ for per-build analysis result visualization and policy evaluation</td><td class="s4" dir="ltr"><a target="_blank" 
href="https://github.com/jenkinsci/nexus-platform-plugin">https://github.com/jenkinsci/nexus-platform-plugin</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://plugins.jenkins.io/nexus-jenkins-plugin">https://plugins.jenkins.io/nexus-jenkins-plugin</a></td></tr><tr style="height: 20px"><th id="0R46" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">47</div></th><td class="s1" dir="ltr">MedScan</td><td class="s2" dir="ltr">MedSec</td><td class="s2"></td><td class="s2" dir="ltr">analysis</td><td class="s2"></td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">Consumes SBOMs to help hospitals manage medical device assets</td><td class="s2"></td><td class="s4" dir="ltr"><a target="_blank" href="https://www.medsec.com/medscan/">https://www.medsec.com/medscan/</a></td></tr><tr style="height: 20px"><th id="0R47" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">48</div></th><td class="s1" dir="ltr">Reliza Hub</td><td class="s2" dir="ltr">Reliza</td><td class="s2"></td><td class="s2" dir="ltr">NA</td><td class="s2"></td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">Publishes Reliza Hub metadata as SBOM for use in other tools or ingests SBOMs produced in other tools to update Reliza Hub metadata</td><td class="s2"></td><td class="s4" dir="ltr"><a target="_blank" href="https://relizahub.com/">https://relizahub.com/</a></td></tr><tr style="height: 20px"><th id="0R48" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">49</div></th><td class="s1" dir="ltr">SwiftBOM</td><td class="s2" dir="ltr">CERT Coordination Center (CERT/CC)</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">opensource</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">Generates SBOMs for demo and PoC 
purposes</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CERTCC/SBOM">https://github.com/CERTCC/SBOM</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://sbom.democert.org/sbom/">https://sbom.democert.org/sbom/</a></td></tr><tr style="height: 20px"><th id="0R49" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">50</div></th><td class="s1" dir="ltr">DtrackAuditor</td><td class="s2" dir="ltr">Thinksabin</td><td class="s2" dir="ltr">Publish SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">Publishes SBOMs to Dependency-Track for analysis and results through command line.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/thinksabin/DTrackAuditor">https://github.com/thinksabin/DTrackAuditor</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/thinksabin/DTrackAuditor">https://github.com/thinksabin/DTrackAuditor</a></td></tr><tr style="height: 20px"><th id="0R50" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">51</div></th><td class="s1" dir="ltr">Syft</td><td class="s2" dir="ltr">Anchore</td><td class="s2"></td><td class="s2" dir="ltr">library</td><td class="s3" dir="ltr">1</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2" dir="ltr">CLI tool and library for generating a Software Bill of Materials from container images and filesystems.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/anchore/syft">https://github.com/anchore/syft</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/anchore/syft">https://github.com/anchore/syft</a></td></tr><tr style="height: 20px"><th id="0R51" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 
20px">52</div></th><td class="s1" dir="ltr">Grype</td><td class="s2" dir="ltr">Anchore</td><td class="s2" dir="ltr">Find Vuln</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">A vulnerability scanner for container images and filesystems.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/anchore/grype">https://github.com/anchore/grype</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/anchore/grype">https://github.com/anchore/grype</a></td></tr><tr style="height: 20px"><th id="0R52" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">53</div></th><td class="s1" dir="ltr">CycloneDX CLI</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2"></td><td class="s2" dir="ltr">opensource</td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">A command line tool incorporating many common utilities including converting between SBOM formats.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-cli">https://github.com/CycloneDX/cyclonedx-cli</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-cli">https://github.com/CycloneDX/cyclonedx-cli</a></td></tr><tr style="height: 20px"><th id="0R53" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">54</div></th><td class="s1" dir="ltr">CycloneDX Web Tool</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">opensource</td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">A web based tool incorporating many common utilities including converting between SBOM formats.</td><td class="s4" dir="ltr"><a 
target="_blank" href="https://github.com/CycloneDX/cyclonedx-web-tool">https://github.com/CycloneDX/cyclonedx-web-tool</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://cyclonedx.github.io/cyclonedx-web-tool/">https://cyclonedx.github.io/cyclonedx-web-tool/</a></td></tr><tr style="height: 20px"><th id="0R54" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">55</div></th><td class="s1" dir="ltr">CycloneDX Rust</td><td class="s2" dir="ltr">Mark Dodgson</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">library</td><td class="s3" dir="ltr">1</td><td class="s3" dir="ltr">1</td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">A Rust library to encode and decode the CycloneDX object model</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/doddi/cyclonedx-rust">https://github.com/doddi/cyclonedx-rust</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/doddi/cyclonedx-rust">https://github.com/doddi/cyclonedx-rust</a></td></tr><tr style="height: 20px"><th id="0R55" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">56</div></th><td class="s1" dir="ltr">CycloneDX for Cocoapods</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs for iOS Objective-C and Swift projects</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-cocoapods">https://github.com/CycloneDX/cyclonedx-cocoapods</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-cocoapods">https://github.com/CycloneDX/cyclonedx-cocoapods</a></td></tr><tr style="height: 20px"><th id="0R56" style="height: 20px;" 
class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">57</div></th><td class="s1" dir="ltr">mdbom</td><td class="s2" dir="ltr">Robert Hansel</td><td class="s2"></td><td class="s2" dir="ltr">opensource</td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Transforms CycloneDX SBOMs to Markdown</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/HaRo87/mdbom">https://github.com/HaRo87/mdbom</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://haro87.github.io/mdbom/">https://haro87.github.io/mdbom/</a></td></tr><tr style="height: 20px"><th id="0R57" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">58</div></th><td class="s1" dir="ltr">OpenRewrite</td><td class="s2" dir="ltr">OpenRewrite Project</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">opensource</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Rewrite is a mass refactoring system designed to eliminate technical debt across an engineering. 
The project can generate CycloneDX SBOMs when refactoring</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/openrewrite/rewrite">https://github.com/openrewrite/rewrite</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/openrewrite/rewrite">https://github.com/openrewrite/rewrite</a></td></tr><tr style="height: 20px"><th id="0R58" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">59</div></th><td class="s1" dir="ltr">Defect Dojo</td><td class="s2" dir="ltr">OWASP</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">analysis</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Open source vulnerability management and automation platform that can import CycloneDX SBOMs containing vulnerability information</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/DefectDojo/django-DefectDojo">https://github.com/DefectDojo/django-DefectDojo</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://www.defectdojo.org/">https://www.defectdojo.org/</a></td></tr><tr style="height: 20px"><th id="0R59" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">60</div></th><td class="s1" dir="ltr">OSS Inventory</td><td class="s2" dir="ltr">Thiago Pinto</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">opensource</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Imports CycloneDX SBOMs and visualizes OSS statistics</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/thspinto/oss_inventory">https://github.com/thspinto/oss_inventory</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/thspinto/oss_inventory">https://github.com/thspinto/oss_inventory</a></td></tr><tr style="height: 20px"><th id="0R60" style="height: 20px;" 
class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">61</div></th><td class="s1" dir="ltr">Fortress File Integrity Assurance</td><td class="s2" dir="ltr">Fortress Information Security</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">analysis</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">Creates SBOM from binary or archive, consumes externally provided SBOM, enriches SBOM with Fortress risk analysis, and integrates via API to support continuous monitoring of software assurance.</td><td class="s2" dir="ltr"></td><td class="s4" dir="ltr"><a target="_blank" href="https://fortressinfosec.com/solutions/file-integrity-assurance">https://fortressinfosec.com/solutions/file-integrity-assurance</a></td></tr><tr style="height: 20px"><th id="0R61" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">62</div></th><td class="s1" dir="ltr">Fortress Asset 2 Vendor</td><td class="s2" dir="ltr">Fortress Information Security</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">distribute</td><td class="s2" dir="ltr"></td><td class="s2"></td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">Comprehensive Cyber Supply Chain Risk Management data library that ingests, analyzes, and securely shares SBOMs, HBOMs, and other supply chain attestations via SaaS and permissioned blockchain solutions to facilitate Supplier to Asset Owner trust conversations.</td><td class="s2" dir="ltr"></td><td class="s4" dir="ltr"><a target="_blank" href="https://assettovendor.com/">https://assettovendor.com/</a></td></tr><tr style="height: 20px"><th id="0R62" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">63</div></th><td class="s1" dir="ltr">Software Assurance Guardian Point Man</td><td class="s2" dir="ltr">Reliable Energy Analytics LLC</td><td class="s2" 
dir="ltr"></td><td class="s2" dir="ltr">analysis</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">SAG-PM processes CycloneDX SBOMs as part of a seven-step software supply chain risk assessment</td><td class="s2" dir="ltr"></td><td class="s4" dir="ltr"><a target="_blank" href="https://reliableenergyanalytics.com/products">https://reliableenergyanalytics.com/products</a></td></tr><tr style="height: 20px"><th id="0R63" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">64</div></th><td class="s1" dir="ltr">Cybeats SBOM Studio</td><td class="s2" dir="ltr">Cybeats Technologies Inc.</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">analysis</td><td class="s2" dir="ltr"></td><td class="s2"></td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">Analyzes IoT firmware and generates SBOMs with the runtime data information for more precise identification of vulnerabilities and exploits abilities</td><td class="s2" dir="ltr"></td><td class="s4" dir="ltr"><a target="_blank" href="https://cybeats.com">https://cybeats.com</a></td></tr><tr style="height: 20px"><th id="0R64" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">65</div></th><td class="s1" dir="ltr">TrustSource</td><td class="s2" dir="ltr">TrustSource</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">analysis</td><td class="s2" dir="ltr"></td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">TrustSource is a SaaS platform for implementing and maintaining open source compliance (ISO 5230 compliant). 
It can import CycloneDX match them with its own information and add them to projects as modules for further analysis.</td><td class="s2" dir="ltr"></td><td class="s4" dir="ltr"><a target="_blank" href="https://www.trustsource.io/">https://www.trustsource.io/</a></td></tr><tr style="height: 20px"><th id="0R65" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">66</div></th><td class="s1" dir="ltr">JDisc Discovery</td><td class="s2" dir="ltr">JDisc</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">analysis</td><td class="s2" dir="ltr"></td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Network discovery and IT inventory that can discover CycloneDX SBOMs on enterprise assets and ingest component inventory into the platform.</td><td class="s2" dir="ltr"></td><td class="s4" dir="ltr"><a target="_blank" href="https://www.jdisc.com/">https://www.jdisc.com/</a></td></tr><tr style="height: 20px"><th id="0R66" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">67</div></th><td class="s1" dir="ltr">PulseUno Plugin for Dimensions CM</td><td class="s2" dir="ltr">Microfocus</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">build-integration</td><td class="s2" dir="ltr"></td><td class="s2"></td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">PulseUno enables development teams to continually build and inspect the health and quality of code using plugins such as CycloneDX. 
Teams can use this information to help decide when changes are ready to be merged deployed and released.</td><td class="s2" dir="ltr"></td><td class="s4" dir="ltr"><a target="_blank" href="https://www.microfocus.com/en-us/products/dimensions-cm">https://www.microfocus.com/en-us/products/dimensions-cm</a></td></tr><tr style="height: 20px"><th id="0R67" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">68</div></th><td class="s1" dir="ltr">CycloneDX GoMod Generate SBOM</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">github-action</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">GitHub action which generates CycloneDX SBOMs from Go modules</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/gh-gomod-generate-sbom">https://github.com/CycloneDX/gh-gomod-generate-sbom</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/marketplace/actions/cyclonedx-gomod-generate-sbom">https://github.com/marketplace/actions/cyclonedx-gomod-generate-sbom</a></td></tr><tr style="height: 20px"><th id="0R68" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">69</div></th><td class="s1" dir="ltr">BOM Repository Server</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">distribute</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">A lightweight repository server used to publish manage and distribute CycloneDX SBOMs</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-bom-repo-server">https://github.com/CycloneDX/cyclonedx-bom-repo-server</a></td><td class="s4" dir="ltr"><a target="_blank" 
href="https://github.com/CycloneDX/cyclonedx-bom-repo-server">https://github.com/CycloneDX/cyclonedx-bom-repo-server</a></td></tr><tr style="height: 20px"><th id="0R69" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">70</div></th><td class="s1" dir="ltr">ittosai</td><td class="s2" dir="ltr">DevOps KungFu Masters</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">analysis</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">ittosai is a CycloneDX SBOM vulnerability analyzer that analyzes SBOMs every time a developer commits code to a repository</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/devops-kung-fu/ittosai">https://github.com/devops-kung-fu/ittosai</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://dkfm.io/">https://dkfm.io/</a></td></tr><tr style="height: 20px"><th id="0R70" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">71</div></th><td class="s1" dir="ltr">CodeSentry</td><td class="s2" dir="ltr">GrammaTech</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">analysis</td><td class="s2" dir="ltr"></td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Software Composition Analysis (SCA) platform that leverages binary analysis to identify components inherited risk and communicates inventory through CycloneDX SBOMs</td><td class="s2" dir="ltr"></td><td class="s4" dir="ltr"><a target="_blank" href="https://www.grammatech.com/codesentry-sca">https://www.grammatech.com/codesentry-sca</a></td></tr><tr style="height: 20px"><th id="0R71" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">72</div></th><td class="s1" dir="ltr">Heimdall</td><td class="s2" dir="ltr">Medcrypt</td><td class="s2" dir="ltr">Find Vuln</td><td class="s2" 
dir="ltr">analysis</td><td class="s2" dir="ltr"></td><td class="s2"></td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">Automatically extract or manually upload your Software Bill of Materials (SBOM) and Heimdall will on a continual basis identify known vulnerabilities affecting your software components</td><td class="s2" dir="ltr"></td><td class="s4" dir="ltr"><a target="_blank" href="https://medcrypt.com/heimdall.html">https://medcrypt.com/heimdall.html</a></td></tr><tr style="height: 20px"><th id="0R72" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">73</div></th><td class="s1" dir="ltr">Contrast Security</td><td class="s2" dir="ltr">Contrast Security</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">analysis</td><td class="s2" dir="ltr"></td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Automatically generates component inventory from runtime analysis (IAST or RASP) and generates CycloneDX SBOMs</td><td class="s2" dir="ltr"></td><td class="s4" dir="ltr"><a target="_blank" href="https://www.contrastsecurity.com/">https://www.contrastsecurity.com/</a></td></tr><tr style="height: 20px"><th id="0R73" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">74</div></th><td class="s1" dir="ltr">Salus</td><td class="s2" dir="ltr">Coinbase</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Salus is a tool for coordinating the execution of security scanners. 
Salus can generate CycloneDX SBOMs from many language ecosystems.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/coinbase/salus">https://github.com/coinbase/salus</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/coinbase/salus">https://github.com/coinbase/salus</a></td></tr><tr style="height: 20px"><th id="0R74" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">75</div></th><td class="s1" dir="ltr">Codenotary vcn</td><td class="s2" dir="ltr">Codenotary</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">opensource</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Protects an organization's software development pipeline from supply chain attacks. Codenotary natively supports CycloneDX SBOMs.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/codenotary/vcn">https://github.com/codenotary/vcn</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://codenotary.com/">https://codenotary.com/</a></td></tr><tr style="height: 20px"><th id="0R75" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">76</div></th><td class="s1" dir="ltr">CodeNotary CAS</td><td class="s2" dir="ltr">CodeNotary</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">opensource</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">CAS is an open source attestation service for the community. Notarize and authorize files, directories, git repos, and build SBOMs of containers. 
CAS natively supports CycloneDX SBOMs.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/codenotary/cas">https://github.com/codenotary/cas</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://cas.codenotary.com/">https://cas.codenotary.com/</a></td></tr><tr style="height: 20px"><th id="0R76" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">77</div></th><td class="s1" dir="ltr">Codenotary CAS Notarize Docker Image and SBOM</td><td class="s2" dir="ltr">Codenotary</td><td class="s2" dir="ltr">Generate SBOM for Containers</td><td class="s2" dir="ltr">github-action</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">A GitHub Action which notarizes and creates an SBOM for Docker images.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/marketplace/actions/cas-notarize-docker-image-and-sbom">https://github.com/marketplace/actions/cas-notarize-docker-image-and-sbom</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://cas.codenotary.com/">https://cas.codenotary.com/</a></td></tr><tr style="height: 20px"><th id="0R77" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">78</div></th><td class="s1" dir="ltr">Codenotary CAS Authenticate Docker Image and SBOM</td><td class="s2" dir="ltr">Codenotary</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">github-action</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">A GitHub Action which authenticates notarized Docker images and SBOMs.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/marketplace/actions/cas-authenticate-docker-image-sbom">https://github.com/marketplace/actions/cas-authenticate-docker-image-sbom</a></td><td class="s4" dir="ltr"><a target="_blank" 
href="https://cas.codenotary.com/">https://cas.codenotary.com/</a></td></tr><tr style="height: 20px"><th id="0R78" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">79</div></th><td class="s1" dir="ltr">Cosign</td><td class="s2" dir="ltr">Sigstore</td><td class="s2"></td><td class="s2" dir="ltr">opensource</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Container Signing Verification and Storage in an OCI registry including CycloneDX SBOMs</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/sigstore/cosign">https://github.com/sigstore/cosign</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://sigstore.dev/">https://sigstore.dev/</a></td></tr><tr style="height: 20px"><th id="0R79" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">80</div></th><td class="s1" dir="ltr">Tern</td><td class="s2" dir="ltr">Tern</td><td class="s2" dir="ltr">Generate SBOM for Containers</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/tern-tools/tern">https://github.com/tern-tools/tern</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/tern-tools/tern">https://github.com/tern-tools/tern</a></td></tr><tr style="height: 20px"><th id="0R80" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">81</div></th><td class="s1" dir="ltr">Cybellum SBOM</td><td class="s2" dir="ltr">Cybellum Technologies LTD.</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" 
dir="ltr">analysis</td><td class="s2" dir="ltr"></td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">Analyzes binary artifacts to generate SBoM, including context-based analysis to perform accurate vulnerability assessment</td><td class="s2" dir="ltr"></td><td class="s4" dir="ltr"><a target="_blank" href="https://cybellum.com">https://cybellum.com</a></td></tr><tr style="height: 20px"><th id="0R81" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">82</div></th><td class="s1" dir="ltr">Scancode Toolkit</td><td class="s2" dir="ltr">nexB</td><td class="s2"></td><td class="s2" dir="ltr">analysis</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">ScanCode detects licenses, copyrights, package manifests &amp; dependencies, and more by scanning code to discover and inventory open source and third-party packages.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/nexB/scancode-toolkit">https://github.com/nexB/scancode-toolkit</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/nexB/scancode-toolkit">https://github.com/nexB/scancode-toolkit</a></td></tr><tr style="height: 20px"><th id="0R82" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">83</div></th><td class="s1" dir="ltr">swift-package-sbom-generator</td><td class="s2" dir="ltr">Mattt</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">A software bill of materials (SBOM) generator for Swift packages</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/mattt/swift-package-sbom">https://github.com/mattt/swift-package-sbom</a></td><td class="s4" dir="ltr"><a target="_blank" 
href="https://github.com/mattt/swift-package-sbom">https://github.com/mattt/swift-package-sbom</a></td></tr><tr style="height: 20px"><th id="0R83" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">84</div></th><td class="s1" dir="ltr">SRC:CLR SBOM Generator</td><td class="s2" dir="ltr">Veracode</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">opensource</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Generates a Software Bill of Materials in CycloneDX JSON Format from Veracode SCA Agent results.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/veracode/srcclr_sbom_gen">https://github.com/veracode/srcclr_sbom_gen</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/veracode/srcclr_sbom_gen">https://github.com/veracode/srcclr_sbom_gen</a></td></tr><tr style="height: 20px"><th id="0R84" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">85</div></th><td class="s1" dir="ltr">NowSecure Platform</td><td class="s2" dir="ltr">NowSecure</td><td class="s2"></td><td class="s2" dir="ltr">analysis</td><td class="s2" dir="ltr"></td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">NowSecure automates security and privacy testing of mobile applications through static and dynamic binary analysis. 
NowSecure identifies packages and native components bundled with mobile apps and exports inventory in CycloneDX format.</td><td class="s2" dir="ltr"></td><td class="s4" dir="ltr"><a target="_blank" href="https://www.nowsecure.com/">https://www.nowsecure.com/</a></td></tr><tr style="height: 20px"><th id="0R85" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">86</div></th><td class="s1" dir="ltr">Ion Channel Platform</td><td class="s2" dir="ltr">Ion Channel</td><td class="s2"></td><td class="s2" dir="ltr">analysis</td><td class="s2" dir="ltr"></td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Ion Channel is a software supply chain assurance platform that transforms software inventory data into positive control of known and potential risks. Ion Channel consumes analyzes and exports CycloneDX SBOMs.</td><td class="s2" dir="ltr"></td><td class="s4" dir="ltr"><a target="_blank" href="https://ionchannel.io/">https://ionchannel.io/</a></td></tr><tr style="height: 20px"><th id="0R86" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">87</div></th><td class="s1" dir="ltr">CycloneDX for Conan</td><td class="s2" dir="ltr">CycloneDX</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX Software Bill of Materials (SBOM) for C/C++ projects using Conan</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-conan">https://github.com/CycloneDX/cyclonedx-conan</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-conan">https://github.com/CycloneDX/cyclonedx-conan</a></td></tr><tr style="height: 20px"><th id="0R87" style="height: 20px;" class="row-headers-background"><div 
class="row-header-wrapper" style="line-height: 20px">88</div></th><td class="s1" dir="ltr">Checkov</td><td class="s2" dir="ltr">Checkov</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">analysis</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework, and other infrastructure-as-code-languages with Checkov by Bridgecrew. Can output to CycloneDX.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/bridgecrewio/checkov">https://github.com/bridgecrewio/checkov</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://www.checkov.io/">https://www.checkov.io/</a></td></tr><tr style="height: 20px"><th id="0R88" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">89</div></th><td class="s1" dir="ltr">SBOM CLI</td><td class="s2" dir="ltr">Defense Unicorns</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Creates CycloneDX SBOMs from Kubernetes Helm charts</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/defenseunicorns/sbom-cli">https://github.com/defenseunicorns/sbom-cli</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/defenseunicorns/sbom-cli">https://github.com/defenseunicorns/sbom-cli</a></td></tr><tr style="height: 20px"><th id="0R89" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">90</div></th><td class="s1" dir="ltr">CxSCA</td><td class="s2" dir="ltr">Checkmarx</td><td class="s2"></td><td class="s2" dir="ltr">analysis</td><td class="s2" dir="ltr"></td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Checkmarx SCA is a Software 
Composition Analysis (SCA) platform that can produce CycloneDX SBOMs</td><td class="s2" dir="ltr"></td><td class="s4" dir="ltr"><a target="_blank" href="https://checkmarx.com/product/cxsca-open-source-scanning">https://checkmarx.com/product/cxsca-open-source-scanning</a></td></tr><tr style="height: 20px"><th id="0R90" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">91</div></th><td class="s1" dir="ltr">Ochrona CLI</td><td class="s2" dir="ltr">Ochrona</td><td class="s2"></td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs. Output CycloneDX of all dependencies.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/ochronasec/ochrona-cli">https://github.com/ochronasec/ochrona-cli</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://ochrona.dev/">https://ochrona.dev/</a></td></tr><tr style="height: 20px"><th id="0R91" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">92</div></th><td class="s1" dir="ltr">pip-audit</td><td class="s2" dir="ltr">Trail of Bits</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">analysis</td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Audits Python environments and dependency trees for known vulnerabilities. 
Generates CycloneDX SBOM of vulnerable components.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/trailofbits/pip-audit">https://github.com/trailofbits/pip-audit</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/trailofbits/pip-audit">https://github.com/trailofbits/pip-audit</a></td></tr><tr style="height: 20px"><th id="0R92" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">93</div></th><td class="s1" dir="ltr">RKVST SBOM Hub</td><td class="s2" dir="ltr">Jitsuin</td><td class="s2"></td><td class="s2" dir="ltr">distribute</td><td class="s2" dir="ltr"></td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">A free SaaS repo to find and fetch public or private CycloneDX v1.4 BOMs. RKVST sustains and enhances SaaS/S/H/C-BOM or VEX publishing and consumption by tracing provenance governing permissioned distribution and proving immutable assurance...</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/jitsuin-inc/archivist-samples/tree/main/archivist_samples/software_bill_of_materials">https://github.com/jitsuin-inc/archivist-samples/tree/main/archivist_samples/software_bill_of_materials</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://sbom.rkvst.io">https://sbom.rkvst.io</a></td></tr><tr style="height: 20px"><th id="0R93" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">94</div></th><td class="s1" dir="ltr">WpBom</td><td class="s2" dir="ltr">Sepbit</td><td class="s2"></td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">WordPress integration with OWASP CycloneDX and Dependency Track</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/sepbit/wpbom">https://github.com/sepbit/wpbom</a></td><td class="s4" 
dir="ltr"><a target="_blank" href="https://wordpress.org/plugins/wpbom/">https://wordpress.org/plugins/wpbom/</a></td></tr><tr style="height: 20px"><th id="0R94" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">95</div></th><td class="s1" dir="ltr">Meterian BOSS scanner</td><td class="s2" dir="ltr">Meterian</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">build-integration</td><td class="s2" dir="ltr"></td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">Software composition analysis for codebases providing precise and comprehensive CycloneDX SBOMs for open source and private source code projects. Supports all major ecosystems: Java, NodeJS, .NET, Go, Rust, Swift, Python, Ruby, PHP, C/C++, Perl</td><td class="s2" dir="ltr"></td><td class="s4" dir="ltr"><a target="_blank" href="https://meterian.io/products/boss">https://meterian.io/products/boss</a></td></tr><tr style="height: 20px"><th id="0R95" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">96</div></th><td class="s1" dir="ltr">Spack</td><td class="s2" dir="ltr">Spack</td><td class="s2"></td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">Spack is a package manager for supercomputers, Linux, and macOS. 
The package managers can export inventory in CycloneDX.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/spack/spack-sbom">https://github.com/spack/spack-sbom</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://spack.io/">https://spack.io/</a></td></tr><tr style="height: 20px"><th id="0R96" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">97</div></th><td class="s1" dir="ltr">build-info-go</td><td class="s2" dir="ltr">JFrog</td><td class="s2"></td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">build-info-go is a Go library and a CLI which allows generating build-info and CycloneDX for a source code project.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/jfrog/build-info-go">https://github.com/jfrog/build-info-go</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/jfrog/build-info-go">https://github.com/jfrog/build-info-go</a></td></tr><tr style="height: 20px"><th id="0R97" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">98</div></th><td class="s1" dir="ltr">Kyverno</td><td class="s2" dir="ltr">Kyverno</td><td class="s2" dir="ltr"></td><td class="s2" dir="ltr">opensource</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">Kyverno is a policy engine designed for Kubernetes. 
It can validate, mutate, and generate configurations using admission controls and background scans.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/kyverno/kyverno">https://github.com/kyverno/kyverno</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/kyverno/kyverno">https://github.com/kyverno/kyverno</a></td></tr><tr style="height: 20px"><th id="0R98" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">99</div></th><td class="s1" dir="ltr">jbom</td><td class="s2" dir="ltr">Contrast Security</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">opensource</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">jbom generates a CycloneDX Software Bill of Materials (SBOM) for apps on a running JVM</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/Contrast-Security-OSS/jbom">https://github.com/Contrast-Security-OSS/jbom</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/Contrast-Security-OSS/jbom">https://github.com/Contrast-Security-OSS/jbom</a></td></tr><tr style="height: 20px"><th id="0R99" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">100</div></th><td class="s1" dir="ltr">KICS</td><td class="s2" dir="ltr">Checkmarx</td><td class="s2"></td><td class="s2" dir="ltr">opensource</td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr"></td><td class="s2"></td><td class="s2" dir="ltr">Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/Checkmarx/kics">https://github.com/Checkmarx/kics</a></td><td class="s4" dir="ltr"><a target="_blank" 
href="https://www.kics.io/">https://www.kics.io/</a></td></tr><tr style="height: 20px"><th id="0R100" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">101</div></th><td class="s1" dir="ltr">Xray</td><td class="s2" dir="ltr">JFrog</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">NA</td><td class="s2" dir="ltr"></td><td class="s2"></td><td class="s3" dir="ltr">1</td><td class="s2" dir="ltr">JFrog Xray is a software composition analysis (SCA) solution that proactively identifies vulnerabilities and license violations in open source. Xray generates CycloneDX SBOMs.</td><td class="s2" dir="ltr"></td><td class="s4" dir="ltr"><a target="_blank" href="https://jfrog.com/xray/">https://jfrog.com/xray/</a></td></tr><tr style="height: 20px"><th id="0R101" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">102</div></th><td class="s1" dir="ltr">apt2sbom</td><td class="s2" dir="ltr">Eliot Lear</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">build-integration</td><td class="s3" dir="ltr">1</td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">Build an SBOM out of APT and python information</td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/elear/apt2sbom">https://github.com/elear/apt2sbom</a></td><td class="s4" dir="ltr"><a target="_blank" href="https://github.com/elear/apt2sbom">https://github.com/elear/apt2sbom</a></td></tr><tr style="height: 20px"><th id="0R102" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">103</div></th><td class="s1" dir="ltr">NetRise Turbine</td><td class="s2" dir="ltr">NetRise</td><td class="s2" dir="ltr">Generate SBoM</td><td class="s2" dir="ltr">NA</td><td class="s2" dir="ltr"></td><td class="s2"></td><td class="s2"></td><td class="s2" dir="ltr">NetRise Turbine is a firmware analysis 
platform that creates SBOMs by analyzing binary artifacts and other key components, such as configuration files, credentials, and cryptographic artifacts, for maximum visibility and holistic risk identification.</td><td class="s2" dir="ltr"></td><td class="s4" dir="ltr"><a target="_blank" href="https://www.netrise.io/">https://www.netrise.io/</a></td></tr><tr style="height: 20px"><th id="0R103" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">104</div></th><td class="s5" dir="ltr">CycloneDX Rust</td><td class="s6" dir="ltr">Mark Dodgson</td><td class="s6"></td><td class="s6" dir="ltr">NA</td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">1</td><td class="s3" dir="ltr">1</td><td class="s6" dir="ltr">A Rust library to encode and decode the CycloneDX object model</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/doddi/cyclonedx-rust">https://github.com/doddi/cyclonedx-rust</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://github.com/doddi/cyclonedx-rust">https://github.com/doddi/cyclonedx-rust</a></td></tr><tr style="height: 20px"><th id="0R104" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">105</div></th><td class="s5" dir="ltr">CycloneDX for Cocoapods</td><td class="s6" dir="ltr">CycloneDX</td><td class="s6" dir="ltr">Generate SBoM</td><td class="s6" dir="ltr">build-integration</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s3" dir="ltr">1</td><td class="s6" dir="ltr">Creates CycloneDX SBOMs for iOS Objective-C and Swift projects</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-cocoapods">https://github.com/CycloneDX/cyclonedx-cocoapods</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-cocoapods">https://github.com/CycloneDX/cyclonedx-cocoapods</a></td></tr><tr style="height: 20px"><th 
id="0R105" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">106</div></th><td class="s5" dir="ltr">mdbom</td><td class="s6" dir="ltr">Robert Hansel</td><td class="s6"></td><td class="s6" dir="ltr">NA</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s3" dir="ltr">1</td><td class="s6" dir="ltr">Transforms CycloneDX SBOMs to Markdown</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/HaRo87/mdbom">https://github.com/HaRo87/mdbom</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://haro87.github.io/mdbom/">https://haro87.github.io/mdbom/</a></td></tr><tr style="height: 20px"><th id="0R106" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">107</div></th><td class="s5" dir="ltr">OpenRewrite</td><td class="s6" dir="ltr">OpenRewrite Project</td><td class="s6" dir="ltr">Generate SBoM</td><td class="s6" dir="ltr">NA</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s3" dir="ltr">1</td><td class="s6" dir="ltr">Rewrite is a mass refactoring system designed to eliminate technical debt across an engineering. 
The project can generate CycloneDX SBOMs when refactoring</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/openrewrite/rewrite">https://github.com/openrewrite/rewrite</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://github.com/openrewrite/rewrite">https://github.com/openrewrite/rewrite</a></td></tr><tr style="height: 20px"><th id="0R107" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">108</div></th><td class="s5" dir="ltr">Defect Dojo</td><td class="s6" dir="ltr">OWASP</td><td class="s6"></td><td class="s6" dir="ltr">analysis</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s3" dir="ltr">1</td><td class="s6" dir="ltr">Open source vulnerability management and automation platform that can import CycloneDX SBOMs containing vulnerability information</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/DefectDojo/django-DefectDojo">https://github.com/DefectDojo/django-DefectDojo</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://www.defectdojo.org/">https://www.defectdojo.org/</a></td></tr><tr style="height: 20px"><th id="0R108" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">109</div></th><td class="s5" dir="ltr">OSS Inventory</td><td class="s6" dir="ltr">Thiago Pinto</td><td class="s6"></td><td class="s6" dir="ltr">NA</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s3" dir="ltr">1</td><td class="s6" dir="ltr">Imports CycloneDX SBOMs and visualizes OSS statistics</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/thspinto/oss_inventory">https://github.com/thspinto/oss_inventory</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://github.com/thspinto/oss_inventory">https://github.com/thspinto/oss_inventory</a></td></tr><tr style="height: 20px"><th id="0R109" style="height: 20px;" 
class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">110</div></th><td class="s5" dir="ltr">Fortress File Integrity Assurance</td><td class="s6" dir="ltr">Fortress Information Security</td><td class="s6" dir="ltr">Generate SBoM</td><td class="s6" dir="ltr">analysis</td><td class="s6"></td><td class="s6"></td><td class="s2"></td><td class="s6" dir="ltr">Creates SBOM from binary or archive, consumes externally provided SBOM, enriches SBOM with Fortress risk analysis, integrates via API to support continuous monitoring of software assurance.</td><td class="s6"></td><td class="s8" dir="ltr"><a target="_blank" href="https://fortressinfosec.com/solutions/file-integrity-assurance">https://fortressinfosec.com/solutions/file-integrity-assurance</a></td></tr><tr style="height: 20px"><th id="0R110" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">111</div></th><td class="s5" dir="ltr">Fortress Asset 2 Vendor</td><td class="s6" dir="ltr">Fortress Information Security</td><td class="s6"></td><td class="s6" dir="ltr">distribute</td><td class="s6"></td><td class="s6"></td><td class="s3" dir="ltr"></td><td class="s6" dir="ltr">Comprehensive Cyber Supply Chain Risk Management data library that ingests, analyzes, and securely shares SBOMs, HBOMs, and other supply chain attestations via SaaS and permissioned blockchain solutions to facilitate Supplier to Asset Owner trust conversations.</td><td class="s6"></td><td class="s8" dir="ltr"><a target="_blank" href="https://assettovendor.com/">https://assettovendor.com/</a></td></tr><tr style="height: 20px"><th id="0R111" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">112</div></th><td class="s5" dir="ltr">Software Assurance Guardian Point Man</td><td class="s6" dir="ltr">Reliable Energy Analytics LLC</td><td class="s6"></td><td class="s6" dir="ltr">analysis</td><td class="s6"></td><td 
class="s6"></td><td class="s3" dir="ltr">1</td><td class="s6" dir="ltr">SAG-PM processes CycloneDX SBOMs as part of a seven-step software supply chain risk assessment</td><td class="s6"></td><td class="s8" dir="ltr"><a target="_blank" href="https://reliableenergyanalytics.com/products">https://reliableenergyanalytics.com/products</a></td></tr><tr style="height: 20px"><th id="0R112" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">113</div></th><td class="s5" dir="ltr">Cybeats SBOM Studio</td><td class="s6" dir="ltr">Cybeats Technologies Inc.</td><td class="s6" dir="ltr">Generate SBoM</td><td class="s6" dir="ltr">analysis</td><td class="s6"></td><td class="s6"></td><td class="s3" dir="ltr"></td><td class="s6" dir="ltr">Analyzes IoT firmware and generates SBOMs with the runtime data information for more precise identification of vulnerabilities and exploits abilities</td><td class="s6"></td><td class="s8" dir="ltr"><a target="_blank" href="https://cybeats.com">https://cybeats.com</a></td></tr><tr style="height: 20px"><th id="0R113" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">114</div></th><td class="s5" dir="ltr">TrustSource</td><td class="s6" dir="ltr">TrustSource</td><td class="s6"></td><td class="s6" dir="ltr">analysis</td><td class="s6"></td><td class="s6"></td><td class="s3" dir="ltr">1</td><td class="s6" dir="ltr">TrustSource is a SaaS platform for implementing and maintaining open source compliance (ISO 5230 compliant). 
It can import CycloneDX match them with its own information and add them to projects as modules for further analysis.</td><td class="s6"></td><td class="s8" dir="ltr"><a target="_blank" href="https://www.trustsource.io/">https://www.trustsource.io/</a></td></tr><tr style="height: 20px"><th id="0R114" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">115</div></th><td class="s5" dir="ltr">JDisc Discovery</td><td class="s6" dir="ltr">JDisc</td><td class="s6"></td><td class="s6" dir="ltr">analysis</td><td class="s6"></td><td class="s6"></td><td class="s3" dir="ltr">1</td><td class="s6" dir="ltr">Network discovery and IT inventory that can discover CycloneDX SBOMs on enterprise assets and ingest component inventory into the platform.</td><td class="s6"></td><td class="s8" dir="ltr"><a target="_blank" href="https://www.jdisc.com/">https://www.jdisc.com/</a></td></tr><tr style="height: 20px"><th id="0R115" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">116</div></th><td class="s5" dir="ltr">PulseUno Plugin for Dimensions CM</td><td class="s6" dir="ltr">Microfocus</td><td class="s6"></td><td class="s6" dir="ltr">build-integration</td><td class="s6"></td><td class="s6"></td><td class="s2"></td><td class="s6" dir="ltr">PulseUno enables development teams to continually build and inspect the health and quality of code using plugins such as CycloneDX. 
Teams can use this information to help decide when changes are ready to be merged, deployed, and released.</td><td class="s6"></td><td class="s8" dir="ltr"><a target="_blank" href="https://www.microfocus.com/en-us/products/dimensions-cm">https://www.microfocus.com/en-us/products/dimensions-cm</a></td></tr><tr style="height: 20px"><th id="0R116" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">117</div></th><td class="s5" dir="ltr">CycloneDX GoMod Generate SBOM</td><td class="s6" dir="ltr">CycloneDX</td><td class="s6" dir="ltr">Generate SBoM</td><td class="s6" dir="ltr">github-action</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s3" dir="ltr">1</td><td class="s6" dir="ltr">GitHub action which generates CycloneDX SBOMs from Go modules</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/gh-gomod-generate-sbom">https://github.com/CycloneDX/gh-gomod-generate-sbom</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://github.com/marketplace/actions/cyclonedx-gomod-generate-sbom">https://github.com/marketplace/actions/cyclonedx-gomod-generate-sbom</a></td></tr><tr style="height: 20px"><th id="0R117" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">118</div></th><td class="s5" dir="ltr">BOM Repository Server</td><td class="s6" dir="ltr">CycloneDX</td><td class="s6"></td><td class="s6" dir="ltr">distribute</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">A lightweight repository server used to publish, manage, and distribute CycloneDX SBOMs</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-bom-repo-server">https://github.com/CycloneDX/cyclonedx-bom-repo-server</a></td><td class="s8" dir="ltr"><a target="_blank" 
href="https://github.com/CycloneDX/cyclonedx-bom-repo-server">https://github.com/CycloneDX/cyclonedx-bom-repo-server</a></td></tr><tr style="height: 20px"><th id="0R118" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">119</div></th><td class="s5" dir="ltr">ittosai</td><td class="s6" dir="ltr">DevOps KungFu Masters</td><td class="s6"></td><td class="s6" dir="ltr">analysis</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">ittosai is a CycloneDX SBOM vulnerability analyzer that analyzes SBOMs every time a developer commits code to a repository</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/devops-kung-fu/ittosai">https://github.com/devops-kung-fu/ittosai</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://dkfm.io/">https://dkfm.io/</a></td></tr><tr style="height: 20px"><th id="0R119" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">120</div></th><td class="s5" dir="ltr">CodeSentry</td><td class="s6" dir="ltr">GrammaTech</td><td class="s6"></td><td class="s6" dir="ltr">analysis</td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">Software Composition Analysis (SCA) platform that leverages binary analysis to identify components inherited risk and communicates inventory through CycloneDX SBOMs</td><td class="s6"></td><td class="s8" dir="ltr"><a target="_blank" href="https://www.grammatech.com/codesentry-sca">https://www.grammatech.com/codesentry-sca</a></td></tr><tr style="height: 20px"><th id="0R120" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">121</div></th><td class="s5" dir="ltr">Heimdall</td><td class="s6" dir="ltr">Medcrypt</td><td class="s6" dir="ltr">Find Vuln</td><td class="s6" dir="ltr">analysis</td><td class="s6"></td><td 
class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">Automatically extract or manually upload your Software Bill of Materials (SBOM) and Heimdall will on a continual basis identify known vulnerabilities affecting your software components</td><td class="s6"></td><td class="s8" dir="ltr"><a target="_blank" href="https://medcrypt.com/heimdall.html">https://medcrypt.com/heimdall.html</a></td></tr><tr style="height: 20px"><th id="0R121" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">122</div></th><td class="s5" dir="ltr">Contrast Security</td><td class="s6" dir="ltr">Contrast Security</td><td class="s6" dir="ltr">Generate SBoM</td><td class="s6" dir="ltr">analysis</td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">Automatically generates component inventory from runtime analysis (IAST or RASP) and generates CycloneDX SBOMs</td><td class="s6"></td><td class="s8" dir="ltr"><a target="_blank" href="https://www.contrastsecurity.com/">https://www.contrastsecurity.com/</a></td></tr><tr style="height: 20px"><th id="0R122" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">123</div></th><td class="s5" dir="ltr">Salus</td><td class="s6" dir="ltr">Coinbase</td><td class="s6" dir="ltr">Generate SBoM</td><td class="s6" dir="ltr">build-integration</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">Salus is a tool for coordinating the execution of security scanners. 
Salus can generate CycloneDX SBOMs from many language ecosystems.</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/coinbase/salus">https://github.com/coinbase/salus</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://github.com/coinbase/salus">https://github.com/coinbase/salus</a></td></tr><tr style="height: 20px"><th id="0R123" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">124</div></th><td class="s5" dir="ltr">Codenotary vcn</td><td class="s6" dir="ltr">Codenotary</td><td class="s6"></td><td class="s6" dir="ltr">NA</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">Protects an organization's software development pipeline from supply chain attacks. Codenotary natively supports CycloneDX SBOMs.</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/codenotary/vcn">https://github.com/codenotary/vcn</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://codenotary.com/">https://codenotary.com/</a></td></tr><tr style="height: 20px"><th id="0R124" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">125</div></th><td class="s5" dir="ltr">CodeNotary CAS</td><td class="s6" dir="ltr">CodeNotary</td><td class="s6"></td><td class="s6" dir="ltr">NA</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">CAS is an open source attestation service for the community. Notarize and authorize files, directories, git repos, and build SBOMs of containers. 
CAS natively supports CycloneDX SBOMs.</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/codenotary/cas">https://github.com/codenotary/cas</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://cas.codenotary.com/">https://cas.codenotary.com/</a></td></tr><tr style="height: 20px"><th id="0R125" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">126</div></th><td class="s5" dir="ltr">Codenotary CAS Notarize Docker Image and SBOM</td><td class="s6" dir="ltr">Codenotary</td><td class="s6" dir="ltr">Generate SBoM</td><td class="s6" dir="ltr">github-action</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">A GitHub Action which notarizes and creates an SBOM for Docker images.</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/marketplace/actions/cas-notarize-docker-image-and-sbom">https://github.com/marketplace/actions/cas-notarize-docker-image-and-sbom</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://cas.codenotary.com/">https://cas.codenotary.com/</a></td></tr><tr style="height: 20px"><th id="0R126" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">127</div></th><td class="s5" dir="ltr">Codenotary CAS Authenticate Docker Image and SBOM</td><td class="s6" dir="ltr">Codenotary</td><td class="s6"></td><td class="s6" dir="ltr">github-action</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">A GitHub Action which authenticates notarized Docker images and SBOMs.</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/marketplace/actions/cas-authenticate-docker-image-sbom">https://github.com/marketplace/actions/cas-authenticate-docker-image-sbom</a></td><td class="s8" dir="ltr"><a target="_blank" 
href="https://cas.codenotary.com/">https://cas.codenotary.com/</a></td></tr><tr style="height: 20px"><th id="0R127" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">128</div></th><td class="s5" dir="ltr">Cosign</td><td class="s6" dir="ltr">Sigstore</td><td class="s6"></td><td class="s6" dir="ltr">NA</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">Container Signing Verification and Storage in an OCI registry including CycloneDX SBOMs</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/sigstore/cosign">https://github.com/sigstore/cosign</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://sigstore.dev/">https://sigstore.dev/</a></td></tr><tr style="height: 20px"><th id="0R128" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">129</div></th><td class="s5" dir="ltr">Tern</td><td class="s6" dir="ltr">Tern</td><td class="s6" dir="ltr">Generate SBoM</td><td class="s6" dir="ltr">build-integration</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles.</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/tern-tools/tern">https://github.com/tern-tools/tern</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://github.com/tern-tools/tern">https://github.com/tern-tools/tern</a></td></tr><tr style="height: 20px"><th id="0R129" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">130</div></th><td class="s5" dir="ltr">Cybellum SBOM</td><td class="s6" dir="ltr">Cybellum Technologies LTD.</td><td class="s6" dir="ltr">Generate SBoM</td><td class="s6" dir="ltr">analysis</td><td 
class="s6"></td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">Analyzes binary artifacts to generate SBoM, including context-based analysis to perform accurate vulnerability assessment</td><td class="s6"></td><td class="s8" dir="ltr"><a target="_blank" href="https://cybellum.com">https://cybellum.com</a></td></tr><tr style="height: 20px"><th id="0R130" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">131</div></th><td class="s5" dir="ltr">Scancode Toolkit</td><td class="s6" dir="ltr">nexB</td><td class="s6"></td><td class="s6" dir="ltr">analysis</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">ScanCode detects licenses, copyrights, package manifests &amp; dependencies, and more by scanning code to discover and inventory open source and third-party packages.</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/nexB/scancode-toolkit">https://github.com/nexB/scancode-toolkit</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://github.com/nexB/scancode-toolkit">https://github.com/nexB/scancode-toolkit</a></td></tr><tr style="height: 20px"><th id="0R131" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">132</div></th><td class="s5" dir="ltr">swift-package-sbom-generator</td><td class="s6" dir="ltr">Mattt</td><td class="s6"></td><td class="s6" dir="ltr">build-integration</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">A software bill of materials (SBOM) generator for Swift packages</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/mattt/swift-package-sbom">https://github.com/mattt/swift-package-sbom</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://github.com/mattt/swift-package-sbom">https://github.com/mattt/swift-package-sbom</a></td></tr><tr style="height: 20px"><th 
id="0R132" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">133</div></th><td class="s5" dir="ltr">SRC:CLR SBOM Generator</td><td class="s6" dir="ltr">Veracode</td><td class="s6" dir="ltr">Generate SBoM</td><td class="s6" dir="ltr">NA</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">Generates a Software Bill of Materials in CycloneDX JSON Format from Veracode SCA Agent results.</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/veracode/srcclr_sbom_gen">https://github.com/veracode/srcclr_sbom_gen</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://github.com/veracode/srcclr_sbom_gen">https://github.com/veracode/srcclr_sbom_gen</a></td></tr><tr style="height: 20px"><th id="0R133" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">134</div></th><td class="s5" dir="ltr">NowSecure Platform</td><td class="s6" dir="ltr">NowSecure</td><td class="s6"></td><td class="s6" dir="ltr">analysis</td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">NowSecure automates security and privacy testing of mobile applications through static and dynamic binary analysis. 
NowSecure identifies packages and native components bundled with mobile apps and exports inventory in CycloneDX format.</td><td class="s6"></td><td class="s8" dir="ltr"><a target="_blank" href="https://www.nowsecure.com/">https://www.nowsecure.com/</a></td></tr><tr style="height: 20px"><th id="0R134" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">135</div></th><td class="s5" dir="ltr">Ion Channel Platform</td><td class="s6" dir="ltr">Ion Channel</td><td class="s6"></td><td class="s6" dir="ltr">analysis</td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">Ion Channel is a software supply chain assurance platform that transforms software inventory data into positive control of known and potential risks. Ion Channel consumes analyzes and exports CycloneDX SBOMs.</td><td class="s6"></td><td class="s8" dir="ltr"><a target="_blank" href="https://ionchannel.io/">https://ionchannel.io/</a></td></tr><tr style="height: 20px"><th id="0R135" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">136</div></th><td class="s5" dir="ltr">CycloneDX for Conan</td><td class="s6" dir="ltr">CycloneDX</td><td class="s6" dir="ltr">Generate SBoM</td><td class="s6" dir="ltr">build-integration</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">Creates CycloneDX Software Bill of Materials (SBOM) for C/C++ projects using Conan</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-conan">https://github.com/CycloneDX/cyclonedx-conan</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://github.com/CycloneDX/cyclonedx-conan">https://github.com/CycloneDX/cyclonedx-conan</a></td></tr><tr style="height: 20px"><th id="0R136" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 
20px">137</div></th><td class="s5" dir="ltr">Checkov</td><td class="s6" dir="ltr">Checkov</td><td class="s6"></td><td class="s6" dir="ltr">analysis</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework, and other infrastructure-as-code languages with Checkov by Bridgecrew. Can output to CycloneDX.</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/bridgecrewio/checkov">https://github.com/bridgecrewio/checkov</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://www.checkov.io/">https://www.checkov.io/</a></td></tr><tr style="height: 20px"><th id="0R137" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">138</div></th><td class="s5" dir="ltr">SBOM CLI</td><td class="s6" dir="ltr">Defense Unicorns</td><td class="s6" dir="ltr">Generate SBoM</td><td class="s6" dir="ltr">build-integration</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">Creates CycloneDX SBOMs from Kubernetes Helm charts</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/defenseunicorns/sbom-cli">https://github.com/defenseunicorns/sbom-cli</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://github.com/defenseunicorns/sbom-cli">https://github.com/defenseunicorns/sbom-cli</a></td></tr><tr style="height: 20px"><th id="0R138" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">139</div></th><td class="s5" dir="ltr">CxSCA</td><td class="s6" dir="ltr">Checkmarx</td><td class="s6"></td><td class="s6" dir="ltr">analysis</td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">Checkmarx SCA is a Software Composition Analysis (SCA) platform that can produce CycloneDX 
SBOMs</td><td class="s6"></td><td class="s8" dir="ltr"><a target="_blank" href="https://checkmarx.com/product/cxsca-open-source-scanning">https://checkmarx.com/product/cxsca-open-source-scanning</a></td></tr><tr style="height: 20px"><th id="0R139" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">140</div></th><td class="s5" dir="ltr">Ochrona CLI</td><td class="s6" dir="ltr">Ochrona</td><td class="s6"></td><td class="s6" dir="ltr">build-integration</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs. Output CycloneDX of all dependencies.</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/ochronasec/ochrona-cli">https://github.com/ochronasec/ochrona-cli</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://ochrona.dev/">https://ochrona.dev/</a></td></tr><tr style="height: 20px"><th id="0R140" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">141</div></th><td class="s5" dir="ltr">pip-audit</td><td class="s6" dir="ltr">Trail of Bits</td><td class="s6" dir="ltr">Generate SBoM</td><td class="s6" dir="ltr">analysis</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">Audits Python environments and dependency trees for known vulnerabilities. 
Generates CycloneDX SBOM of vulnerable components.</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/trailofbits/pip-audit">https://github.com/trailofbits/pip-audit</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://github.com/trailofbits/pip-audit">https://github.com/trailofbits/pip-audit</a></td></tr><tr style="height: 20px"><th id="0R141" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">142</div></th><td class="s5" dir="ltr">RKVST SBOM Hub</td><td class="s6" dir="ltr">Jitsuin</td><td class="s6"></td><td class="s6" dir="ltr">distribute</td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">A free SaaS repo to find and fetch public or private CycloneDX v1.4 BOMs. RKVST sustains and enhances SaaS/S/H/C-BOM or VEX publishing and consumption by tracing provenance governing permissioned distribution and proving immutable assurance...</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/jitsuin-inc/archivist-samples/tree/main/archivist_samples/software_bill_of_materials">https://github.com/jitsuin-inc/archivist-samples/tree/main/archivist_samples/software_bill_of_materials</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://sbom.rkvst.io">https://sbom.rkvst.io</a></td></tr><tr style="height: 20px"><th id="0R142" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">143</div></th><td class="s5" dir="ltr">WpBom</td><td class="s6" dir="ltr">Sepbit</td><td class="s6"></td><td class="s6" dir="ltr">build-integration</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">WordPress integration with OWASP CycloneDX and Dependency Track</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/sepbit/wpbom">https://github.com/sepbit/wpbom</a></td><td class="s8" dir="ltr"><a 
target="_blank" href="https://wordpress.org/plugins/wpbom/">https://wordpress.org/plugins/wpbom/</a></td></tr><tr style="height: 20px"><th id="0R143" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">144</div></th><td class="s5" dir="ltr">Meterian BOSS scanner</td><td class="s6" dir="ltr">Meterian</td><td class="s6"></td><td class="s6" dir="ltr">build-integration</td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">Software composition analysis for codebases providing precise and comprehensive CycloneDX SBOMs for open source and private source code projects. Supports all major ecosystems Java NodeJS .NET Go Rust Swift Python Ruby PHP C/C++ Perl</td><td class="s6"></td><td class="s8" dir="ltr"><a target="_blank" href="https://meterian.io/products/boss">https://meterian.io/products/boss</a></td></tr><tr style="height: 20px"><th id="0R144" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">145</div></th><td class="s5" dir="ltr">Spack</td><td class="s6" dir="ltr">Spack</td><td class="s6"></td><td class="s6" dir="ltr">build-integration</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">Spack is a package manager for supercomputers Linux and macOS. 
The package managers can export inventory in CycloneDX.</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/spack/spack-sbom">https://github.com/spack/spack-sbom</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://spack.io/">https://spack.io/</a></td></tr><tr style="height: 20px"><th id="0R145" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">146</div></th><td class="s5" dir="ltr">build-info-go</td><td class="s6" dir="ltr">JFrog</td><td class="s6"></td><td class="s6" dir="ltr">build-integration</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">build-info-go is a Go library and a CLI which allows generating build-info and CycloneDX for a source code project.</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/jfrog/build-info-go">https://github.com/jfrog/build-info-go</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://github.com/jfrog/build-info-go">https://github.com/jfrog/build-info-go</a></td></tr><tr style="height: 20px"><th id="0R146" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">147</div></th><td class="s5" dir="ltr">Kyverno</td><td class="s6" dir="ltr">Kyverno</td><td class="s6"></td><td class="s6" dir="ltr">NA</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">Kyverno is a policy engine designed for Kubernetes. 
It can validate, mutate, and generate configurations using admission controls and background scans.</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/kyverno/kyverno">https://github.com/kyverno/kyverno</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://github.com/kyverno/kyverno">https://github.com/kyverno/kyverno</a></td></tr><tr style="height: 20px"><th id="0R147" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">148</div></th><td class="s5" dir="ltr">jbom</td><td class="s6" dir="ltr">Contrast Security</td><td class="s6" dir="ltr">Generate SBoM</td><td class="s6" dir="ltr">NA</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">jbom generates a CycloneDX Software Bill of Materials (SBOM) for apps on a running JVM</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/Contrast-Security-OSS/jbom">https://github.com/Contrast-Security-OSS/jbom</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://github.com/Contrast-Security-OSS/jbom">https://github.com/Contrast-Security-OSS/jbom</a></td></tr><tr style="height: 20px"><th id="0R148" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">149</div></th><td class="s5" dir="ltr">KICS</td><td class="s6" dir="ltr">Checkmarx</td><td class="s6"></td><td class="s6" dir="ltr">NA</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/Checkmarx/kics">https://github.com/Checkmarx/kics</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://www.kics.io/">https://www.kics.io/</a></td></tr><tr 
style="height: 20px"><th id="0R149" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">150</div></th><td class="s5" dir="ltr">Xray</td><td class="s6" dir="ltr">JFrog</td><td class="s6" dir="ltr">Generate SBoM</td><td class="s6" dir="ltr">NA</td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">1</td><td class="s6" dir="ltr">JFrog Xray is a software composition analysis (SCA) solution that proactively identifies vulnerabilities and license violations in open source. Xray generates CycloneDX SBOMs.</td><td class="s6"></td><td class="s8" dir="ltr"><a target="_blank" href="https://jfrog.com/xray/">https://jfrog.com/xray/</a></td></tr><tr style="height: 20px"><th id="0R150" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">151</div></th><td class="s5" dir="ltr">apt2sbom</td><td class="s6" dir="ltr">Eliot Lear</td><td class="s6" dir="ltr">Generate SBoM</td><td class="s6" dir="ltr">build-integration</td><td class="s6" dir="ltr">1</td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">Build an SBOM out of APT and python information</td><td class="s7" dir="ltr"><a target="_blank" href="https://github.com/elear/apt2sbom">https://github.com/elear/apt2sbom</a></td><td class="s8" dir="ltr"><a target="_blank" href="https://github.com/elear/apt2sbom">https://github.com/elear/apt2sbom</a></td></tr><tr style="height: 20px"><th id="0R151" style="height: 20px;" class="row-headers-background"><div class="row-header-wrapper" style="line-height: 20px">152</div></th><td class="s5" dir="ltr">NetRise Turbine</td><td class="s6" dir="ltr">NetRise</td><td class="s6" dir="ltr">Generate SBoM</td><td class="s6" dir="ltr">NA</td><td class="s6"></td><td class="s6"></td><td class="s6"></td><td class="s6" dir="ltr">NetRise Turbine is a firmware analysis platform that creates SBOMs by analyzing binary artifacts and other key components such as 
configuration files, credentials, and cryptographic artifacts for maximum visibility and holistic risk identification.</td><td class="s6"></td><td class="s8" dir="ltr"><a target="_blank" href="https://www.netrise.io/">https://www.netrise.io/</a></td></tr></tbody></table></div>