Pinned Loading

1. DependencyTrack/dependency-track DependencyTrack/dependency-track Public

   Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

   Java 2.7k 576

2. CycloneDX/specification CycloneDX/specification Public

   OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, an…

   XSLT 363 58

3. package-url/purl-spec package-url/purl-spec Public

   A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby

   689 160

4. OWASP/Software-Component-Verification-Standard OWASP/Software-Component-Verification-Standard Public

   Software Component Verification Standard (SCVS)

   Python 134 38

5. CPE-Parser CPE-Parser Public

   A utility for validating and parsing Common Platform Enumeration (CPE) v2.2 and v2.3 as originally defined by MITRE and maintained by NIST

   Java 47 15

6. cvss-calculator cvss-calculator Public

   A Java library for calculating CVSSv2 and CVSSv3 scores and vectors

   Java 39 23