software-composition-analysis
Here are 70 public repositories matching this topic...
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Updated Jul 17, 2025 - Java
scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
Updated Jul 18, 2025 - JavaScript
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Updated Jul 16, 2025 - Java
🔍 ScanCode detects licenses, copyrights and dependencies by "scanning code" to discover and inventory open source and third-party packages used in your code. Sponsored by the NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
Updated Jul 17, 2025 - Python
An open source tool focused on software supply chain security. Murphy Security focuses on software supply chain security, with professional software composition analysis (SCA), vulnerability detection and a professional vulnerability database.
Updated Jul 18, 2025 - Go
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Updated May 2, 2024 - TypeScript
OpenSCA is an open source software supply chain security solution that detects open source dependencies, vulnerabilities and license compliance issues, with accuracy widely recognized by the community.
Updated May 9, 2025 - Go
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
Updated Mar 12, 2024 - Python
Next Generation Software Composition Analysis (SCA) with Malicious Package Detection, Code Context & Policy as Code
Updated Jul 18, 2025 - Go
Scans your project to determine what components you use
Updated Jul 10, 2025 - C#
A compilation of resources in the software supply chain security domain, with emphasis on open source
Updated Apr 24, 2023
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Updated Aug 21, 2024 - Scala
A simple Java command-line utility to mirror the CVE JSON data from NIST.
Updated Nov 4, 2022 - Java
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe. This project is sponsored by the NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, the Google Summer of Code, nexB and other generous sponsors!
Updated Jul 17, 2025 - Python
A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools, and tutorials.
Updated Nov 26, 2024
Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.
Updated Jun 2, 2025 - Java
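The two building blocks that recur across this list are the vulnerability match (a tool such as OWASP dependency-check compares each dependency against published advisories) and the policy gate (a CI plugin such as the Dependency-Track Maven plugin fails the build when a match crosses a severity threshold). The script below is an added illustration of both steps in one pass and is not code from any of the listed projects. It reads a minimal CycloneDX-style SBOM with package-url (purl) component identifiers, resolves each component against OSV-style advisories whose `introduced`/`fixed`/`last_affected` range events are the real OSV convention, and returns a pass/fail decision. The SBOM, the package names and the advisory IDs are constructed sample data, and the version parser deliberately handles only dotted numeric versions.

```python
"""Minimal SCA pass: match SBOM components against advisory version ranges and
gate the build on severity. Added illustration for this topic page, not code
from any listed project. All package names, versions and advisory IDs below
are constructed sample data.
"""
import json
from urllib.parse import unquote

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# purl type -> advisory ecosystem label (subset, extend as needed).
PURL_ECOSYSTEM = {"maven": "Maven", "npm": "npm", "pypi": "PyPI", "golang": "Go"}

# Constructed CycloneDX-style SBOM; only the fields this example reads are present.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "logger-core", "version": "2.14.1",
         "purl": "pkg:maven/com.example/logger-core@2.14.1"},
        {"type": "library", "name": "data-bind", "version": "2.13.4.1",
         "purl": "pkg:maven/com.example/data-bind@2.13.4.1?type=jar"},
        {"type": "library", "name": "example-utils", "version": "4.17.21",
         "purl": "pkg:npm/%40acme/example-utils@4.17.21"},  # scoped npm package
    ],
})

# Constructed OSV-style advisories with hypothetical IDs. The first one has two
# ranges, which is how OSV expresses fixes landing on separate release branches.
SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-2021-0001", "severity": "CRITICAL",
     "affected": [{"package": {"ecosystem": "Maven", "name": "com.example:logger-core"},
                   "ranges": [{"type": "ECOSYSTEM", "events": [
                       {"introduced": "2.0"}, {"fixed": "2.3.1"},
                       {"introduced": "2.4"}, {"fixed": "2.15.0"}]}]}]},
    {"id": "EXAMPLE-2022-0002", "severity": "HIGH",
     "affected": [{"package": {"ecosystem": "Maven", "name": "com.example:data-bind"},
                   "ranges": [{"type": "ECOSYSTEM", "events": [
                       {"introduced": "2.13.0"}, {"fixed": "2.13.4.2"}]}]}]},
    {"id": "EXAMPLE-2020-0003", "severity": "MEDIUM",
     "affected": [{"package": {"ecosystem": "npm", "name": "@acme/example-utils"},
                   "ranges": [{"type": "SEMVER", "events": [
                       {"introduced": "0"}, {"fixed": "4.17.21"}]}]}]},
]


def parse_purl(purl):
    """Split 'pkg:type/namespace/name@version?qualifiers#subpath' into
    (ecosystem, name, version). Maven joins namespace and name as group:artifact;
    other types keep '/' so npm scopes survive. Qualifiers and subpath are dropped."""
    if not purl.startswith("pkg:"):
        raise ValueError("not a purl: %r" % purl)
    body = purl[4:].split("#", 1)[0].split("?", 1)[0]
    ptype, _, rest = body.partition("/")
    if "@" not in rest:
        raise ValueError("purl without version: %r" % purl)
    rest, _, version = rest.rpartition("@")
    parts = [unquote(p) for p in rest.split("/")]
    sep = ":" if ptype == "maven" else "/"
    return PURL_ECOSYSTEM.get(ptype, ptype), sep.join(parts), version


def parse_version(text):
    """Dotted numeric versions only ('2.13.4.2'); trailing zeros are dropped so
    '2.0' == '2.0.0'. Pre-release tags are not modelled (simplification)."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_affected(version, events):
    """Walk OSV range events in order: affected if version >= the open
    'introduced' and below that interval's 'fixed' (or <= 'last_affected').
    An 'introduced' with no closing event means no fix has been published."""
    v = parse_version(version)
    start = None
    for ev in events:
        if "introduced" in ev:
            start = parse_version(ev["introduced"])
        elif "fixed" in ev:
            if start is not None and start <= v < parse_version(ev["fixed"]):
                return True
            start = None
        elif "last_affected" in ev:
            if start is not None and start <= v <= parse_version(ev["last_affected"]):
                return True
            start = None
    return start is not None and v >= start


def scan(sbom_json, advisories):
    """Return one finding per (component, advisory) match."""
    findings = []
    for comp in json.loads(sbom_json).get("components", []):
        ecosystem, name, version = parse_purl(comp["purl"])
        for adv in advisories:
            for aff in adv["affected"]:
                pkg = aff["package"]
                if pkg["ecosystem"] != ecosystem or pkg["name"] != name:
                    continue
                if any(is_affected(version, r["events"]) for r in aff["ranges"]):
                    findings.append({"purl": comp["purl"], "advisory": adv["id"],
                                     "severity": adv["severity"]})
    return findings


def gate(findings, fail_on="HIGH"):
    """CI-style policy check: False (fail the build) if any finding is at or
    above the configured severity threshold."""
    threshold = SEVERITY_RANK[fail_on]
    return not any(SEVERITY_RANK[f["severity"]] >= threshold for f in findings)


if __name__ == "__main__":
    results = scan(SAMPLE_SBOM, SAMPLE_ADVISORIES)
    for f in results:
        print("%-8s %-18s %s" % (f["severity"], f["advisory"], f["purl"]))
    print("build passes:", gate(results, fail_on="HIGH"))
```

Two things the constructed data is chosen to exercise: the `example-utils` component sits exactly on the `fixed` boundary and is correctly reported clean, and `logger-core` is only caught by the second of two ranges. Real tools spend most of their effort on what this script simplifies away, namely ecosystem-specific version ordering (Maven qualifiers, semver pre-releases, PEP 440) and mapping components to advisory package names via CPE or purl, which is where most SCA false positives and negatives originate.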
A light-weight app to audit and inventory large codebases for open source license compliance.
Updated Jul 18, 2025 - TypeScript
♾️ Collection of DevSecOps Notes + Resources + Courses + Tools
Updated Jan 20, 2025 - Python
The SCANOSS SBOM Workbench graphical user interface to scan and audit your source code.
Updated Jul 18, 2025 - TypeScript
OWASP Dependency-Track API client for integration into CI/CD pipelines
Updated Jul 31, 2024 - Go