OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server

A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles

Scans your project to determine what components you use

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)

Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects

A suite of utilities to help with software supply chain challenges on nix targets

Creates CycloneDX Software Bill of Materials (SBOM) from Go modules

Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects

creates CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects

Utility that provides an API platform for validating, querying and managing BOM data

CycloneDX SBOM Model and Utils for Creating and Validating BOMs

Create CycloneDX Software Bill of Materials (SBOM) from Node.js NPM projects.

Go library to consume and produce CycloneDX Software Bill of Materials (SBOM)