Sbom Python Packages

cyclonedx-python-lib

Functionality and DataModels of OWASP CycloneDX for Python

cyclonedx-bom

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

reuse

This is a mirror of https://codeberg.org/fsfe/reuse-tool

lib4sbom

Library to ingest and generate SBOMs

scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

cyclonedx-py

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

ca9

Open source Python CVE reachability analysis for evidence-backed SCA triage. Turn Snyk, Dependabot, Trivy, pip-audit, and OSV alerts into fix, suppress, or investigate decisions.

distro2sbom

Generates SBOM files from system packaging information

lib4vex

Library to ingest and generate VEX documents

csaf-tool

CSAF generator and validator

cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

agent-bom

Open security scanner for AI supply chain and infrastructure: agents, MCP, containers, cloud, GPU, and runtime with blast-radius analysis.

ai-bom

AI Bill of Materials — discover every AI agent, model, and API in your infrastructure

owasp-depscan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

blint

blint is a Binary Linter that checks the security properties and capabilities of your executables. It can also generate a Software Bill-of-Materials (SBOM) for supported binaries.

ntia-conformance-checker

Validate the SPDX SBOM against NTIA, CISA, and other minimum element requirements.

sbom2doc

Transform SBOM contents into a formatted document including markdown and PDF formats

ds-analysis-lib

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

ds-xbom-lib

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

ds-reporting-lib

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

lintro

Making linters play nice... Mostly.

anchore-syft

Python wheels for installing Anchore's Syft tool for generating a Software Bill of Materials

sbomdiff

This tool compares two Software Bill of Materials (SBOMs) and reports the differences.

assay-it

CI-native evidence compiler for agent systems: MCP policy enforcement, evidence receipts, Trust Basis claims, and reviewable artifacts.