Scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
Panthera(P.)uncia - Official CLI utility for Osprey Vision, Subdomain Center & Exploit Observer.
A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.
CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments
sbomqs: The Comprehensive SBOM Quality & Compliance Tool
SBOM, provenance, dependency graph, and vulnerability tools for Nix.
Semantic SBOM/CBOM diff, quality scoring, and TUI analysis tool for CycloneDX/SPDX — covering component changes, dependency shifts, license conflicts, vulnerabilities, cryptographic inventory grading, and PQC compliance (CNSA 2.0, NIST IR 8547).
Create CycloneDX Software Bill of Materials (SBOM) from Node.js NPM projects.
Creates CycloneDX Software-Bill-of-Materials (SBOM) from Node.js-based projects
Utility that provides an API platform for validating, querying and managing BOM data
Deptective automatically determines the native dependencies required to run any arbitrary program or command.
ReARM - Release Governance Platform for the Agentic Era
A toolset for dealing with Cryptography Bill of Materials (CBOM)
Validate SPDX 2 and 3 SBOM against NTIA, CISA, and other minimum element requirements.
Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects
A tool to automatically detect copy+pasted and vendored code between repositories
This repository contains a SonarQube Plugin that detects cryptographic assets in source code and generates CBOM.