sbomqs: The Comprehensive SBOM Quality & Compliance Tool
Updated Mar 21, 2026 - Go
Semantic SBOM diff and TUI analysis tool. Compares CycloneDX/SPDX files to detect component changes, dependency shifts, license conflicts, and vulnerabilities.
Utility that provides an API platform for validating, querying and managing BOM data
Hermeto is a CLI tool that prefetches project dependencies for hermetic container builds.
Reference GitHub Workflows for SBOM generation from the CISA SBOM Generation Reference Implementation Tiger Team
SBOM-in-a-Box is a unified platform to promote the production, consumption, and utilization of Software Bills of Materials.
SBOMinify is a GitHub Action to capture and list installed packages and their versions in a Docker image, generating Software Bill of Materials (SBOM) files. This action leverages some special techniques to scan Docker images and output SBOM files in both table and JSON formats.