156 Open source projects that are alternatives of or similar to cyclonedx-dotnet

Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

Creates CycloneDX Software Bill of Materials (SBOM) from Python projects and environments.

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

Software Bill of Material (SBOM) standard designed for use in application security contexts and supply chain component analysis

Creates CycloneDX Software Bill of Materials (SBOM) from Go modules

creates CycloneDX Software Bill of Materials (SBOM) from node-based projects

ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!

Examples and proof-of-concept for Software Bill of Materials (SBOM) code & data

Creates CycloneDX Software Bill-of-Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI//CD pipeline with automatic submission to Dependency Track server.

Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!

A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles

Swift implementation of the package url spec

Python implementation of the package url spec

Build cost spreadsheet for a KiCad project.

A light-weight app to audit and inventory large codebases for open source license compliance.

Codenotary Community Attestation Service (CAS) for notarization and authentication of digital artifacts

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

CSRF Protector library: standalone library for CSRF mitigation

Awesome Node.js Security resources

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

OWASP Honeypot, Automated Deception Framework.

A collection of electronic hacker magazines carefully curated over the years from multiple sources

OWASP Seraphimdroid is an open source project with aim to create, as a community, an open platform for education and protection of Android users against privacy and security threats.

GitBook markdown content for the eBook "Pwning OWASP Juice Shop"

The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)

Hacking tools

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

A simple web app that helps developers understand the ASVS requirements.

A simple tool for interacting with OWASP ZAP from the commandline.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Audit tool to find common vulnerabilities in PHP source code

Detect root, emulation, debug mode and other security concerns in your Xamarin apps

The OWASP ZAP core project

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Learning Penetration Testing of Android Applications

The Secure Coding Dojo is a platform for delivering secure coding training.

An open source, online threat modelling tool from OWASP

OWASP Cloud Security - Enabling conversations through threat and control stories

Desktop variant of OWASP Threat Dragon

nodejs + express security and performance boilerplate.

The repo contains all the slide deck that was used during my presentation at various webinars, conferences, and meetups.

Get a list of licenses used by a projects dependencies

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Automated Security Testing For REST API's

Automated Penetration Testing Framework

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

A .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Ready to use images of Zap and Glue, especially for CI integration.

The OWASP ZAP Heads Up Display (HUD)

In-depth Attack Surface Mapping and Asset Discovery

OWASP Threat Dragon core files

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Sqreen's Application Security Management for the Go language

OWASP Joomla Vulnerability Scanner Project

OWASP WEB Directory Scanner

An application to catch, search and analyze HTTP secure headers.