MiDas: Multi-granularity Detector for Vulnerability Fixes (IEEE TSE)
Updated Dec 5, 2023 - Python
GitHub Action to analyze Pull Requests for open-source supply chain issues
ThunderaBSA is a Binary Static Analysis tool
pre-commit hooks to run grype
gradle pipeline
blackduck findbugs gradle githubactions
Integrate OpenSCA-cli into your GitHub Action to assess the supply chain risks associated with your application.
Discover Software Composition Analysis (SCA) in C# with vulnerable dependencies. Learn to manage security risks using OWASP Dependency-Check integration
CLI Security Tool for SAST & SCA
A GitHub Action to parse DependencyCheck JSON reports, print the found vulnerabilities and fail the build.
Software Composition and Dependencies devroom - FOSDEM 2022
♾️ Collection of DevSecOps Notes + Resources + Courses + Tools
Golang SCA (Software Composition Analysis): analyzes your go.mod file to help you find out whether your Golang project's dependencies contain vulnerabilities.
SCANOSS Java package providing a simple, easy to consume library for interacting with SCANOSS APIs.
Lucy is a component analysis platform to minimize the risk of license infringements and to support and optimize the license compliance process.
kubectl plugin scanning docker images for open source security and license compliance using Black Duck by Synopsys
A GitHub Action that scans your public web applications for log4j vulnerabilities after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.
This repo contains a GitHub Action for running CAST Highlight scans
A GitHub Action for using SecureStack to analyse a repository codebase for vulnerabilities in library dependencies (software composition analysis).
The SCANOSS JS package provides a simple, easy to consume module for interacting with SCANOSS APIs/Engine.