Pinned Loading

1. DependencyTrack/dependency-trackDependencyTrack/dependency-trackPublic

   Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

   Java 3.5k 694

2. CycloneDX/specificationCycloneDX/specificationPublic

   OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, an…

   XSLT 453 78

3. package-url/purl-specpackage-url/purl-specPublic

   A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby

   Python 927 213

4. OWASP/Software-Component-Verification-StandardOWASP/Software-Component-Verification-StandardPublic

   Software Component Verification Standard (SCVS)

   Python 151 39

5. CPE-ParserCPE-ParserPublic

   A utility for validating and parsing Common Platform Enumeration (CPE) v2.2 and v2.3 as originally defined by MITRE and maintained by NIST

   Java 54 18

6. cvss-calculatorcvss-calculatorPublic

   A Java library for calculating CVSSv2, CVSSv3, and CVSSv4 scores and vectors

   Java 50 23