GUAC aggregates software security metadata into a high fidelity graph database.
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to a Dependency Track server.
The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.
SBOM, provenance, dependency graph, and vulnerability tools for Nix.
Utility that provides an API platform for validating, querying and managing BOM data
The model for the information captured in SPDX version 3 standard.
Software Quality Management Tool
Vulnerability management tool that provides Yocto SBOM generation and CVE Analysis of target images.
A library and CLI to work with CSAF and SBOM data
Vulnerability management tool that provides Buildroot SBOM generation and CVE Analysis of target images.
Yocto layer to integrate VulnScout in projects (SBOM Vulnerability Scanning & Assessment tool)
Open-source SBOM management dashboard for the Japanese market, with NVD/JVN vulnerability correlation, Japanese UI, and METI guidelines compliance
Vulnerability management tool that provides OpenWRT SBOM generation and CVE Analysis of target images.
A lightweight Go library for validating Software Bill of Materials (SBOM) against industry-standard specifications
Go CLI tool that scans a repository for Hugging Face model usage and emits a CycloneDX AI/ML Bill of Materials.
Use SBOM metadata to validate release integrity.
📓 A Python CLI tool to extract a software bill of materials and license info from a vcpkg manifest.
Copyright and License management solutions
AI BOM example. A simple sentiment analysis application, published solely as an artifact for the purpose of demonstrating a software bill of materials. Not recommended for any serious text classification task.