Evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more (Go, updated Apr 24, 2025)
Format agnostic SBOM tooling
A standard API specification for exchanging supply chain artifacts and intelligence
A BOM repository server for distributing CycloneDX BOMs
A GitHub Action that creates an SBOM from your application so you can meet compliance and security requirements. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure, meets your requirements, and has the SBOM to show it!
Find & pull public SBOMs
ReARM SBOM / xBOM and Release Management - Community Edition
Documentation and ticket dashboard for BOMnipotent, a server-client application for hosting supply chain security data.
Dockerfile and scripts to build a container image that facilitates generating and uploading Software Bill of Materials (SBOM) to sbom.sh utilizing various open-source SBOM tools such as Trivy, Grype, and Syft.
CLI to interact with ReARM SBOM / xBOM and Release Manager
SBOMinify is a GitHub Action to capture and list installed packages and their versions in a Docker image, generating Software Bill of Materials (SBOM) files. This action leverages some special techniques to scan Docker images and output SBOM files in both table and JSON formats.