PyRank
  • Insights
  • PyPI
  • GitHub
  • Search
  • Compare
  • Advisories
  • Ecosystem
  • About

Cyclonedx Python Packages

Python packages with the GitHub topic cyclonedx. Sorted by relevance, with stars and monthly downloads.
CycloneDX
cyclonedx-python-lib

Functionality and DataModels of OWASP CycloneDX for Python

29.8M 113 67
CycloneDX
cyclonedx-bom

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

1.9M 386 94
anthonyharrison
lib4sbom

Library to ingest and generate SBOMs

361K 44 21
nexB
commoncode

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

154K 3K 743
anthonyharrison
distro2sbom

Generates SBOM files from system packaging information

149K 40 17
aboutcode-org
scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

97K 3K 742
CycloneDX
cyclonedx-py

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

96K 386 94
anthonyharrison
lib4vex

Library to ingest and generate VEX documents

66K 20 4
BambooGap
skills-orchestrator

Open-source SkillOps / instruction-supply-chain control plane for AI-agent teams: policy packs, registry diff, evidence bundles, SARIF/SBOM, adapters, and MCP runtime.

39K 4 1
trusera
ai-bom

AI Bill of Materials — discover every AI agent, model, and API in your infrastructure

27K 276 75
anthonyharrison
sbom2doc

Transform SBOM contents into a formatted document including markdown and PDF formats

20K 42 9
Rul1an
assay-it

Policy-as-code for MCP agents: deny risky tool calls before they run, prove what ran with verifiable evidence, and enforce egress in the kernel (eBPF/LSM, Linux). Deterministic, offline-first, bounded claims.

17K 9 1
anthonyharrison
sbomdiff

This tool compares two Software Bill of Materials (SBOMs) and reports the differences.

15K 45 8
owasp-dep-scan
blint

blint is a Binary Linter that checks the security properties and capabilities of your executables. It can also generate a Software Bill-of-Materials (SBOM) for supported binaries.

15K 448 47
owasp-dep-scan
owasp-depscan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

14K 1K 131
msaad00
agent-bom

AI supply-chain & cloud security scanner and self-hosted control plane — agents, MCP, packages, cloud estate, non-human identities, and LLM cost. SBOM/SARIF, graph attack-paths, runtime enforcement, and compliance evidence.

13K 25 7
anthonyharrison
sbom4python

A tool to generate a SBOM (Software Bill of Materials) for an installed Python module

12K 39 11
anthonyharrison
sbom2dot

Create a dependency graph of the components within a SBOM

11K 21 0
anthonyharrison
sbom4files

SBOM generator for files within a directory

11K 8 1
owasp-dep-scan
ds-analysis-lib

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

10K 1K 131
aboutcode-org
aboutcode-pipeline

ScanCode.io is a server to script and automate software composition analysis with pipelines. This project is sponsored by the European Commission, NLnet NGI0, the Google Summer of Code, nexB and others generous sponsors!

10K 205 192
owasp-dep-scan
ds-xbom-lib

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

10K 1K 131
owasp-dep-scan
ds-reporting-lib

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

10K 1K 131
cpeoples
ansible-security-scanner

🛡️ Static security scanner (SAST) for Ansible playbooks, roles, and collections. 1,000+ rules across 30+ categories detecting malicious code, RCE, hardcoded credentials, and supply-chain risk. Outputs SARIF, CycloneDX SBOM, and GitLab SAST. SLSA Build Level 3, Sigstore-signed.

8K 7 0
    • Data from PyPI, GitHub, ClickHouse, and BigQuery