Tools to add to the Catalog (The Christmas tree issue) #72

Open
Mariuxdeangelo opened this issue Aug 27, 2024 · 0 comments

Mariuxdeangelo commented Aug 27, 2024

A list of all the Projects that are added / could be added to the Landscape

SPDX Open Source Tools here

  • Augur #Unrelated
  • bom
  • Cavil #consume
  • CycloneDX CLI
  • distro2sbom
  • FOSSLight
  • FOSSology (No obvious SBOM support)
  • Github Service SBOMs
  • in-toto (additional standard)
  • lib4sbom
  • Nix/Nixpkgs
  • ntia-conformance-checker
  • ORT
  • Protobom
  • REUSE
  • sbom-manager
  • sbom2doc
  • sbom2dot
  • sbom4files
  • sbom4python
  • sbom4rust
  • sbomaudit
  • sbomdiff
  • sbommerge
  • sbomqs
  • sbomtrend
  • sbom-tool
  • ScanCode Toolkit
  • SCANOSS
  • SPDX Golang Libraries
  • SPDX Java Libraries and Tools
  • SPDX JavaScript Libraries
  • SPDX Maven Plugin
  • SPDX Online Tools
  • SPDX Python Libraries
  • spdx-sbom-generator
  • SW360
  • Syft
  • Tern
  • Yocto Project / OpenEmbedded

SPDX Proprietary Tools here

  • Black Duck SCA
  • BlackBerry Jarvis
  • Cybeats SBOM Studio
  • CyberProtek
  • DejaCode
  • FACT
  • FOSSID
  • Fortress File Integrity Assurance FIA
  • Interlynk
  • Manifest
  • MedScan
  • RKVST SBOM Hub
  • SBOM Observer
  • Snyk
  • Software Assurance Guardian Point Man (SAG-PM)
  • Source Auditor
  • TrustSource
  • Vigilant Ops InSight
  • Vulert

CycloneDx Tools here

  • Abom
  • Action Owasp dependency track check
  • Apiiro
  • apko (related)
  • apt2sbom
  • Arinca
  • Arsenal
  • asdf-cyclonedx
  • athena
  • Auditjs
  • Beniva SBOM
  • Black Duck
  • BlackBerry Jarvis
  • BOM Repository Server
  • Bomber
  • bombon
  • build info go
  • Bytesafe
  • CAST Highlight
  • cdx-central
  • cdx-vs-cdx
  • cdxgen
  • Checkov
  • Chelsea
  • CodeNotary CAS
  • Codenotary CAS Authenticate Docker Image and SBOM
  • Codenotary CAS Notarize Docker Image and SBOM
  • Codenotary vcn
  • CodeSentry
  • Continuous Clearing
  • Contrast Security
  • Cosign
  • Covenant
  • cve-bin-tool
  • CxSCA
  • Cybeats SBOM Studio
  • Cybellum SBOM
  • CycloneDX .NET Generate SBOM
  • CycloneDX CLI
  • CycloneDX Core for Java
  • CycloneDX for .NET
  • CycloneDX for Bower #Old-2
  • CycloneDX for Cocoapods
  • CycloneDX for Conan #Deprecated #NewProject
  • CycloneDX for Erlang/Elixir #Old-2
  • CycloneDX for Gradle
  • CycloneDX for Maven
  • CycloneDX for Node.js
  • CycloneDX for NPM
  • CycloneDX for PHP Composer
  • CycloneDX for Python
  • CycloneDX for Ruby Gems
  • CycloneDX for Rust Cargo
  • CycloneDX for SBT (Scala) #Old-2
  • CycloneDX for Webpack
  • CycloneDX GoMod Generate SBOM
  • CycloneDX JavaScript Library
  • CycloneDX Libraries for .NET
  • CycloneDX library for Go #Old-4
  • CycloneDX Node.js Generate SBOM
  • CycloneDX PHP Composer Generate
  • CycloneDX PHP Library
  • CycloneDX Python Generate SBOM
  • CycloneDX Python Library
  • CycloneDX Rust
  • CycloneDX Web Tool
  • CycloneDX Buildroot
  • CycloneDX editor validator
  • CycloneDx enrich
  • CycloneDx Merge
  • CycloneDX npm pipe
  • DaggerBoard
  • Debricked
  • Defect Dojo
  • Dependency Track #consume
  • Dependency Track Jenkins Plugin #consume
  • Dependency Track Maven Plugin #consume
  • Distro2SBOM
  • docker sbom cli plugin
  • dtrack audit
  • Dtrack Auditor
  • Eclipse SW360 Antenna
  • EMBA
  • Endor Labs
  • Enso
  • EXPLIoT Security Assessment Framework
  • FACT
  • Flawnter
  • Fortify on Demand
  • Fortify Software Security Center
  • Fortress Asset 2 Vendor
  • Fortress File Integrity Assurance
  • FOSSA
  • Gemnasium
  • Generate SBOM for Elixir project
  • gh-sbom
  • Go Sonatypes
  • gobom
  • Grype
  • Heimdall
  • Ion Channel Platform
  • ittosai
  • Jake
  • jbom
  • JDisc Discovery
  • Jetstack Secure
  • JupiterOne
  • kbom Kubernetes Bill of Materials
  • KICS
  • Ko
  • Kondukto
  • KubeClarity
  • Kyverno
  • Lagoon Insights Handler
  • Lib4sbom
  • License Scanner
  • LicenseComplianceTool
  • macaron
  • Manifest
  • mdbom
  • MedScan
  • MedSCA
  • meta-dependencyTrack
  • Meterian BOSS scanner
  • MLOBOMdoc
  • Nancy
  • Neo4Cyclone
  • NetRise Turbine
  • Nexus IQ
  • Nexus Lifecycle Jenkins Plugin
  • NowSecure Platform
  • Ochrana CLI
  • Oligo Runtime SBOM
  • OneKEY firmware analysis platform
  • OpenRewrite
  • OSS Inventory
  • ORT
  • oss_inventory
  • OSV
  • Parlay
  • pip-audit
  • Prisma Cloud
  • Project Piper
  • PulseUno Plugin for Dimensions CM
  • RapidFort
  • Rebom
  • RelizaHub
  • Retire.js
  • Rezilion Dynamic SBOM
  • RKVST SBOM hub
  • Salus
  • SBOM Assembler
  • SBOM Benchmark
  • SBOM CLI
  • SBOM Explorer
  • SBOM Grep
  • SBOM Insights
  • SBOM Observer
  • SBOM Quality Score
  • SBOM Scorecard
  • SBOM Utility
  • SBOM Action
  • SBOM Manager
  • SBOM Operator
  • SBOM-RS
  • SBOM Submission-Action
  • Sbom sissarmy bitbucket pipe
  • SBOM.sh
  • SBOM2doc
  • SBOM2dot
  • SBOM4files
  • SBOM4Python
  • SBOM4Rust
  • SBOMAudit
  • SBOMcenter
  • SBOMDiff
  • SBOM-Merge
  • SBOMTrend
  • sca-codeinsights reports cyclonedx
  • Scancode Toolkit
  • SCANOSS
  • SecObserve
  • Secure.software
  • SecureStack
  • Semgrep
  • ShiftLeft Scan
  • SnykVulnCheck
  • Software Assurance Guardian Point Man
  • SonarQube
  • Sonatype Lift
  • Spack
  • spdxcyclone
  • SRC:CLR Sbom Generator
  • StackAware
  • SwiftPackageSbomGenerator
  • SwiftBOM
  • Syft
  • Tally
  • Technolinator
  • Tern
  • ThreatMapper
  • Tidelift
  • Trivy
  • TrustSource
  • ValaaStack
  • Valint
  • ValueStreamManagement
  • Veracode
  • Vexy
  • Vigiles
  • vsm-sbom-booster
  • Vulnerabilities.io
  • Vuls
  • WpBom
  • Xray
  • Xygeni-Software-Supply-Chain-Security
  • yasca

Awesome OpenSource here

  • Sbom4Python
  • Sbom4Rust
  • Sbom4Files
  • Distro2SBOM
  • SBOMDiff
  • SBOM2doc
  • SBOM2dot
  • SBOMAudit
  • SBOM-Manager
  • Bomber
  • CycloneDX Maven Plugin
  • CycloneDX CLI
  • CycloneDX CdxGen
  • Interlynk SBOM Assembler
  • Kubernetes SBOM Tool
  • ORT
  • Syft
  • Snyk CLI
  • Snyk SBOM Checker
  • SPDX Maven Plugin
  • SPDX Gradle Plugin
  • SPDX SBOM Generator #InDevelopment
  • SwiftBOM #Old-3
  • Tern
  • Trivy
  • DeepSCA

SBOM Everywhere Tooling Ecosystem SPDX OSS here

  • Augur
  • bom
  • CycloneDX CLI
  • FOSSLight
  • FOSSology
  • GitHub Self-Service SBOMs
  • in-toto
  • Longclaw
  • Maven Plugins
  • ntia-conformance-checker
  • Open Source Software Review Toolkit (ORT)
  • Protobom
  • REUSE
  • sbomq
  • sbom-tool
  • ScanCode Toolkit
  • SCANOSS
  • SPDX Java Libraries and Tools
  • SPDX Python Libraries
  • SPDX Golang Libraries
  • SPDX JavaScript Libraries
  • SPDX Online Tools
  • SPDX Maven Plugin
  • spdx-sbom-generator
  • SW360
  • Syft
  • Tern
  • Yocto Project / OpenEmbedded
  • Nix / Nixpkgs

SBOM Everywhere Tooling Ecosystem SPDX Proprietary here

  • Censinet
  • Cybeats SBOM Studio
  • CyberProtek
  • DejaCode
  • FACT
  • FOSSID → Snyk
  • Hub-SPDX (Black Duck Hub Report Utility)
  • MedScan
  • Software Assurance Guardian Point Man (SAG-PM)
  • SourceAuditor
  • TrustSource
  • Vigilant-ops
  • RKVST SBOM Hub
  • BlackBerry® Jarvis™
  • Fortress File Integrity Assurance (FIA)

SBOM Everywhere Tooling Ecosystem CycloneDX OSS here

  • Auditjs
  • Bach
  • BOM Repository Server
  • Chelsea
  • cdx-bower-bom
  • cdxgen
  • CycloneDX CLI
  • CycloneDX Core for Java
  • CycloneDX for Cocoapods
  • CycloneDX for .NET
  • CycloneDX for .NET (Models)
  • CycloneDX for .NET (XML)
  • CycloneDX for .NET (JSON)
  • CycloneDX for .NET (Utils)
  • CycloneDX for NPM
  • CycloneDX for Maven
  • CycloneDX for Gradle
  • CycloneDX for PHP Composer
  • CycloneDX for Python
  • CycloneDX for Ruby Gems
  • CycloneDX for Rust
  • CycloneDX for Rust Cargo
  • CycloneDX for SBT
  • CycloneDX for Erlang/Elixir Mix
  • CycloneDX for Erlang/Elixir Rebar3
  • CycloneDX for Go
  • CycloneDX for Go
  • CycloneDX for Go Modules
  • CycloneDX-Buildroot
  • CycloneDX Web Tool
  • DevAudit
  • dtrack-audit
  • Eclipse SW360 Antenna
  • GitHub Action: CycloneDX for Go Modules
  • GitHub Action: CycloneDX for Node.js
  • GitHub Action: CycloneDX for .NET
  • GitHub Action: CycloneDX for PHP
  • GitHub Action: CycloneDX for Python
  • GitHub Action: CycloneDX for Elixir Mix
  • GitHub Action: cdxgen
  • Go Sonatypes
  • Grype
  • HERE Open Source Review Toolkit
  • ittosai
  • Jake
  • mdbom
  • OpenRewrite
  • OWASP Defect Dojo
  • OWASP Dependency-Track
  • OWASP Dependency-Track Jenkins Plugin
  • Retire.js
  • SCANOSS
  • ScanCode Toolkit
  • ShiftLeft Scan
  • SwiftBOM
  • Syft
  • oss_inventory
  • Nancy
  • Tern
  • Valaa Stack
  • Visual Studio Code Plugin for Nexus IQ

SBOM Everywhere Tooling Ecosystem CycloneDX Proprietary here

  • Fortress File Integrity Assurance
  • Software Assurance Guardian Point Man (SAG-PM)
  • Sonatype Nexus IQ
  • Sonatype Nexus Lifecycle Jenkins Plugin
  • CyberProtek
  • MedCrypt Heimdall
  • MedScan
  • Reliza Hub
  • Cybeats SBOM Studio
  • TrustSource
  • JDisc
  • PulseUno Plugin for Dimensions CM

SBOM know how here

  • apko
  • CycloneDx Tool Center
  • Docker SBOM
  • FatBOM
  • KubeClarity
  • K8s BOM
  • OSS Review Toolkit
  • Pkgconf bomtool
  • Salus
  • SBOM Operator
  • ScanCode
  • SPDX SBOM Generator
  • Syft
  • Tern
  • Bomber
  • DaggerBoard
  • DependencyTrack
  • FOSSology
  • Grype
  • Hoppr Cop
  • KubeClarity
  • K8s BOM
  • OSS Review Toolkit
  • SBOM Diff Action
  • SBOM Operator
  • SBOM Scorecard
  • SBOM Utility
  • SBOM Quality Scoring
  • ScanCode.io
  • Trivy
  • Vulnerability Operator
  • apko
  • Cdx2Spdx
  • SBOM Composer
  • Tejolote
  • CycloneDX Parsers
  • SPDX Parsers
  • Conversion Tools
  • VEXctl
  • Vexy
@Mariuxdeangelo Mariuxdeangelo self-assigned this Aug 27, 2024