PyRank

Software Composition Analysis Python Packages

Python packages with the GitHub topic software-composition-analysis. Sorted by relevance, with stars and monthly downloads.
aboutcode-org
scancode-toolkit

ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

87K 3K 725
duriantaco
ca9

Open source Python CVE reachability analysis for evidence-backed SCA triage. Turn Snyk, Dependabot, Trivy, pip-audit, and OSV alerts into fix, suppress, or investigate decisions.

69K 5 0
scanoss
scanoss

The SCANOSS python package providing a simple, easy to consume library for interacting with SCANOSS APIs/Engine.

31K 41 25
jhermann
dependency-check

Shim to easily install OWASP dependency-check-cli into Python projects

29K 50 12
sonatype-nexus-community
ossindex-lib

Python library for querying OSS Index

12K 2 4
aboutcode-org
aboutcode-pipeline

ScanCode.io is a server to script and automate software composition analysis with pipelines. This project is sponsored by the European Commission, NLnet NGI0, the Google Summer of Code, nexB and other generous sponsors!

8K 201 191
aboutcode-org
scancode-toolkit-mini

ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

4K 3K 725
aboutcode-org
scancodeio

ScanCode.io is a server to script and automate software composition analysis with pipelines. This project is sponsored by the European Commission, NLnet NGI0, the Google Summer of Code, nexB and other generous sponsors!

3K 201 191
LLNL
surfactant

Modular framework for file information extraction and dependency analysis to generate accurate SBOMs

2K 40 23
nexB
licensedcode-index

ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

2K 3K 726
tern-tools
tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

2K 1K 188
nexB
licensedcode-data

ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

1K 3K 726
oscarvalenzuelab
semantic-copycat-src2id

SRC2PURL - Source Code to Package URL

297 3 0
SemClone
src2purl

SRC2PURL - Source Code to Package URL

146 3 0
    • Data from PyPI, GitHub, ClickHouse, and BigQuery