Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

HummerRisk 是云原生安全平台，包括混合云安全治理和云原生安全检测。

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects

CycloneDX SBOM Model and Utils for Creating and Validating BOMs

Main repository for the official Dependency-Track Jenkins plugin

Lockheed Martin developed utility to generate CycloneDX SBOMs for Linux distributions

Java library which implements the Java object model for SPDX and provides useful helper functions

This repository contains a SonarQube Plugin that detects cryptographic assets in source code and generates CBOM.

A toolset for dealing with Cryptography Bill of Materials (CBOM)

Lockheed Martin developed utility to compare two CycloneDX SBOMs

GitHub app for SBOM creation using cdxgen and upload to Dependency-Track

ReARM SBOM / xBOM and Release Management - Community Edition

Lockheed Martin developed utility to combine multiple CycloneDX SBOMs

Samples showing how to secure the supply chain for Java applications.

A simple expense tracker using Spring boot

SBOM-in-a-Box is a unified platform to promote the production, consumption, and utilization of Software Bills of Materials.

Experimental web service for checking the software bill-of-materials ("SBOM") for projects against license violations.

This repo contains the technology stack and its usage for software supply chain security of a Java application

Lucy is a component analysis platform to minimize the risk of license infringements and to support and optimize the license compliance process.