
LFX Insights

Software Composition Analysis Tools

Tools for analyzing software dependencies, generating SBOMs, and ensuring open source license and regulatory compliance.

14 projects · 1,243 contributors · $28M

Syft

Syft is a CLI tool and library for generating Software Bill of Materials (SBOM) from container images and filesystems. It provides deep inspection of container images and file systems to generate comprehensive SBOMs that help track software components, dependencies, and potential vulnerabilities.

Contributors: 1,168 · Organizations: 331 · Software value: $27M

Grant

Anchore is a container security company that provides tools and solutions for analyzing, scanning, and securing container images and cloud-native applications. Their technology helps organizations implement security policies, detect vulnerabilities, and ensure compliance in containerized environments.

Contributors: 45 · Organizations: 9 · Software value: $656K

OpenDataology

The mission of the OpenDataology project is to provide a crowd-sourced platform offering approaches to analyze and document the license compliance risks of publicly available datasets used for Artificial Intelligence (AI) software. In addition, the project endeavors to develop and promote open standards that capture the metadata required for license compliance analysis, together with dataset license compliance analysis processes and supporting tools.

Contributors: 27 · Organizations: 7 · Software value: $513K

Fossology

FOSSology is an open source license compliance software system and toolkit. As a toolkit, it lets you run license, copyright and export control scans from the command line. As a system, it provides a database and web UI that give you a compliance workflow. The license, copyright and export control scanners are tools available to help with your compliance activities.

Contributors: 3 · Organizations: 1

Cargo Deny

❌ Cargo plugin for linting your dependencies 🦀

This project hasn't been onboarded to LFX Insights.

ClearlyDefined

Contains curations submitted by the community

This project hasn't been onboarded to LFX Insights.

CycloneDX Bill of Materials (BOM) Generator

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. GPT: https://chatgpt.com/g/g-673bfeb4037481919be8a2cd1bf868d2-cdxgen

This project hasn't been onboarded to LFX Insights.

CycloneDX Core Java

CycloneDX SBOM Model and Utils for Creating and Validating BOMs

This project hasn't been onboarded to LFX Insights.

Fides

The Privacy Engineering & Compliance Framework

This project hasn't been onboarded to LFX Insights.

GitHub Dependency Review Action

A GitHub Action for detecting vulnerable dependencies and invalid licenses in your PRs

This project hasn't been onboarded to LFX Insights.

Licensee

A Ruby Gem to detect under what license a project is distributed.

This project hasn't been onboarded to LFX Insights.

OSS Review Toolkit

A suite of tools to automate software compliance checks.

This project hasn't been onboarded to LFX Insights.

ScanCode Toolkit

ScanCode detects licenses, copyrights and dependencies by "scanning code" to discover and inventory open source and third-party packages used in your code. Sponsored by the NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

This project hasn't been onboarded to LFX Insights.