Java sbom

Open-source Java projects categorized as sbom
Edit details
Topics: cyclonedx Owasp bill-of-materials bom package-url
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

Top 4 Java sbom Projects

  • dependency-track

    Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

    • Project mention: Show HN: Pre-alpha tool for analyzing spdx SBOMs generated by GitHub | news.ycombinator.com | 2024-04-21

    I've become interested in SBOM recently, and found there were great tools like https://dependencytrack.org/ for CycloneDX SBOMs, but all I have is SPDX SBOMs generated by GitHub.

    I decided to have a go at writing my own dependency track esque tool aiming to integrate with the APIs GitHub provides.

    It's pretty limited in functionality so far, but can give a high level summary of the types of licenses your repository dependencies use, and let you drill down into potentially problematic ones.

    Written in NextJS + mui + sqlite, and using another project of mine to generate most of the API boilerplate/glue (https://github.com/mnahkies/openapi-code-generator)

  • cyclonedx-maven-plugin

    Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

    • Project mention: Best Practices for Adopting Open-Source Software in 2024 | dev.to | 2024-05-17

    SPDX17 is an open standard developed by the Linux Foundation to communicate details of a SBOM, including components, licenses, copyrights, and security references, recognised internationally as ISO/IEC 5962:202118 (System Package Data Exchange (SPDX®) 2024). CycloneDX19, originating from the Open Web Application Security Project (OWASP) community, is an SBOM standard crafted for application security and supply chain component analysis, now extended to encompass a broader array of applications such as software-as-a-service BOM (SaaSBOM) (CycloneDX 2024).

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • cyclonedx-gradle-plugin

    Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects

  • cyclonedx-core-java

    CycloneDX SBOM Model and Utils for Creating and Validating BOMs

    • Project mention: Dependency inventory / dashboard for multiple maven projects | /r/java | 2023-06-08
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Java sbom related posts

  • CycloneDX SBom (Software Bill of material) Maven Demo

    4 projects | dev.to | 17 Aug 2022

Index

What are some of the best open-source sbom projects in Java? This list will help you:

Project Stars
1 dependency-track 2,362
2 cyclonedx-maven-plugin 274
3 cyclonedx-gradle-plugin 141
4 cyclonedx-core-java 68

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com