156 Open source projects that are alternatives of or similar to cyclonedx-cli

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects

Creates CycloneDX Software Bill of Materials (SBOM) from Python projects and environments.

Software Bill of Material (SBOM) standard designed for use in application security contexts and supply chain component analysis

Creates CycloneDX Software Bill of Materials (SBOM) from Go modules

creates CycloneDX Software Bill of Materials (SBOM) from node-based projects

ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!

Examples and proof-of-concept for Software Bill of Materials (SBOM) code & data

Creates CycloneDX Software Bill-of-Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI//CD pipeline with automatic submission to Dependency Track server.

A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles

Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Swift implementation of the package url spec

Python implementation of the package url spec

A light-weight app to audit and inventory large codebases for open source license compliance.

Build cost spreadsheet for a KiCad project.

Codenotary Community Attestation Service (CAS) for notarization and authentication of digital artifacts

A simple web app that helps developers understand the ASVS requirements.

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

The OWASP ZAP core project

The OWASP ZAP Heads Up Display (HUD)

OWASP Cloud Security - Enabling conversations through threat and control stories

Learning Penetration Testing of Android Applications

An open source, online threat modelling tool from OWASP

Awesome Node.js Security resources

OWASP Honeypot, Automated Deception Framework.

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

A collection of electronic hacker magazines carefully curated over the years from multiple sources

Audit tool to find common vulnerabilities in PHP source code

OWASP Seraphimdroid is an open source project with aim to create, as a community, an open platform for education and protection of Android users against privacy and security threats.

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

Detect root, emulation, debug mode and other security concerns in your Xamarin apps

Automated Security Testing For REST API's

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Desktop variant of OWASP Threat Dragon

A .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security

nodejs + express security and performance boilerplate.

Automated Penetration Testing Framework

In-depth Attack Surface Mapping and Asset Discovery

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Get a list of licenses used by a projects dependencies

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Sqreen's Application Security Management for the Go language

Ready to use images of Zap and Glue, especially for CI integration.

OWASP Threat Dragon core files

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

OWASP Joomla Vulnerability Scanner Project

The DevSecOps toolset for REST APIs

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

OWASP WEB Directory Scanner

In-depth Attack Surface Mapping and Asset Discovery

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Vulnerability Patterns Detector for C# and VB.NET

OWASP Web Application Security Testing Checklist