Skip to content


Here are 54 public repositories matching this topic...

🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

  • Updated Jul 10, 2024
  • Python

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App:

  • Updated May 2, 2024
  • TypeScript

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

  • Updated Jul 10, 2024
  • Go

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

  • Updated Mar 12, 2024
  • Python is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project Google Summer of Code, nexB and others generous sponsors!

  • Updated Jul 12, 2024
  • Python

Improve this page

Add a description, image, and links to the software-composition-analysis topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the software-composition-analysis topic, visit your repo's landing page and select "manage topics."

Learn more