Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

HummerRisk 是云原生安全平台，包括混合云安全治理和云原生安全检测。

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects

CycloneDX SBOM Model and Utils for Creating and Validating BOMs

Java library which implements the Java object model for SPDX and provides useful helper functions

Main repository for the official Dependency-Track Jenkins plugin

Lockheed Martin developed utility to generate CycloneDX SBOMs for Linux distributions

ReARM - Supply Chain Security and Asset Management for Releases, SBOMs, xBOMs, Security Artifacts

This repository contains a SonarQube Plugin that detects cryptographic assets in source code and generates CBOM.

A toolset for dealing with Cryptography Bill of Materials (CBOM)

GitHub app for SBOM creation using cdxgen and upload to Dependency-Track

Lockheed Martin developed utility to compare two CycloneDX SBOMs

Samples showing how to secure the supply chain for Java applications.

SBOM-in-a-Box is a unified platform to promote the production, consumption, and utilization of Software Bills of Materials.

Lockheed Martin developed utility to combine multiple CycloneDX SBOMs

A simple expense tracker using Spring boot

Experimental web service for checking the software bill-of-materials ("SBOM") for projects against license violations.

This repo contains the technology stack and its usage for software supply chain security of a Java application

A Jenkins plugin to create listings of third-party components and their licenses