sca
There are 144 repositories under sca topic.
DependencyTrack/dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
aboutcode-org/scancode-toolkit
:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!
pay-rails/pay
Payments for Ruby on Rails apps
murphysecurity/murphysec
An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全,具备专业的软件成分分析(SCA)、漏洞检测、专业漏洞库。
oss-review-toolkit/ort
A suite of tools to automate software compliance checks.
XmirrorSecurity/OpenSCA-cli
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
owasp-dep-scan/dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
mergebase/log4j-detector
A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC
CycloneDX/cdxgen
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. GPT: https://chatgpt.com/g/g-673bfeb4037481919be8a2cd1bf868d2-cdxgen
alipay/ant-application-security-testing-benchmark
xAST评价体系,让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".
Orange-Cyberdefense/grepmarx
A source code static analysis platform for AppSec enthusiasts.
stevespringett/nist-data-mirror
A simple Java command-line utility to mirror the CVE JSON data from NIST.
prancer-io/cloud-validation-framework
prancer platform is an IaC Security engine + Continuous Compliance for your cloud (Azure, AWS, GCP) and Kubernetes environment
aboutcode-org/scancode.io
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!
AppThreat/vulnerability-db
Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.0, purl, and vers.
momosecurity/mosec-maven-plugin
用于检测maven项目的第三方依赖组件是否存在安全漏洞。
hysnsec/awesome-sca
A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools, and tutorials.
cycodehq/cycode-cli
Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning
clj-holmes/clj-watson
clojure deps SCA
J08nY/pyecsca
Python Elliptic Curve Side-Channel Analysis toolkit.
stevespringett/vulndb-data-mirror
A simple Java command-line utility to mirror the entire contents of VulnDB.
darkarnium/Log4j-CVE-Detect
Detections for CVE-2021-44228 inside of nested binaries
m-sec-org/ryzesca
RyzeSCA 是M-SEC社区一款强化 DevSecOps 的软件成分分析工具,能在软件开发过程中分析和管理开源组件的安全风险。
vanhauser-thc/vulntest
Static code analysis test source code
lelledaniele/upaygo
Payment Gateway Microservice in Golang
checkmarx-ts/checkmarx-github-action
Checkmarx Scan Github Action
ionutbalosin/java-application-security-practices
Application security best practices and code implementations for Java developers. This project is intended for didactic purposes only, supporting my training course.
mend-toolkit/mend-examples
Mend Implementation Examples
aboutcode-org/dejacode
Automate open source license compliance and ensure software supply chain integrity
eclipse-apoapsis/ort-server
A scalable server implementation of the OSS Review Toolkit.
momosecurity/mosec-gradle-plugin
用于检测gradle项目的第三方依赖组件是否存在安全漏洞。
debricked/cli
Debricked's command line interface. It brings open source security, compliance and health to your project via the command prompt.
momosecurity/mosec-composer-plugin
用于检测composer项目的第三方依赖组件是否存在安全漏洞。
momosecurity/mosec-pip-plugin
用于检测python项目的第三方依赖组件是否存在安全漏洞。
contrastsecurity/contrast
CodeSec by Contrast - The fastest and most accurate SAST scanner. Scan code and serverless environments