14 projects

Syft
Syft is a CLI tool and library for generating Software Bill of Materials (SBOM) from container images and filesystems. It provides deep inspection of container images and file systems to generate comprehensive SBOMs that help track software components, dependencies, and potential vulnerabilities.
1,168
331
$27M
Grant
Anchore is a container security company that provides tools and solutions for analyzing, scanning, and securing container images and cloud-native applications. Their technology helps organizations implement security policies, detect vulnerabilities, and ensure compliance in containerized environments.
45
9
$656K
OpenDataology
The mission of the OpenDataology project is to provide a crowd-sourced platform offering approaches to analyze and document the license compliance risks of publicly available datasets used for Artificial Intelligence (AI) software. In addition, the project endeavors to develop and promote open standards that capture the metadata required for license compliance analysis, along with dataset license compliance analysis processes and supporting tools.
27
7
$513K
Fossology
FOSSology is an open source license compliance software system and toolkit. As a toolkit, you can run license, copyright and export control scans from the command line. As a system, a database and web UI are provided to give you a compliance workflow. License, copyright and export scanners are tools available to help with your compliance activities.
3
1
Cargo Deny
❌ Cargo plugin for linting your dependencies 🦀
ClearlyDefined
Contains curations submitted by the community
CycloneDX Bill of Materials (BOM) Generator
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. GPT: https://chatgpt.com/g/g-673bfeb4037481919be8a2cd1bf868d2-cdxgen
CycloneDX Core Java
CycloneDX SBOM Model and Utils for Creating and Validating BOMs
Fides
The Privacy Engineering & Compliance Framework
GitHub Dependency Review Action
A GitHub Action for detecting vulnerable dependencies and invalid licenses in your PRs
Licensee
A Ruby Gem to detect under what license a project is distributed.
OSS Review Toolkit
A suite of tools to automate software compliance checks.
ScanCode Toolkit
:mag: ScanCode detects licenses, copyrights, and dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!