scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server

Security & License Compliance For Your App's Dependencies 🪱

Create CycloneDX Software Bill of Materials (SBOM) from Node.js NPM projects.

Examples and proof-of-concept for Software Bill of Materials (SBOM) code & data

Generate CycloneDX Software Bill of Materials (SBOM) from webpack bundles at compile time.

Create CycloneDX Software Bill of Materials (SBOM) from Node.js Yarn projects.

GitHub action to generate a CycloneDX SBOM for Node.js

GitHub action to generate a CycloneDX SBOM for Python

GitHub action to generate a CycloneDX SBOM for .NET

A library and CLI to work with CSAF and SBOM data

Service to scan licenses from source code

A GitHub Action that takes SPDX SBOMs and uploads them to GitHub's dependency submission API to power Dependabot alerts

Runtime Enforcement of Security-Enhanced SBOMs for Node.js

An experimental DID Method for Supply Chain Integrity, Transparency and Trust (SCITT)

Automated Secrets, Misconfiguration, IaC Misconfiguration detection, and OSS by Check Point CloudGuard

The guidance for the Open Source Component Management process consists of a generic architecture description, usage blueprints, a concept of the abstraction layer and a collection of use cases. It enables you to quickly match your organization's needs with available solutions and jump-start your process definition by providing templates.

Agentic AI workflow for Supply Chain Analysis using GitHub Actions

node-dependency-track-upload

Sample nodejs app to illustrate best-practices for proactive security