PyRank
  • Insights
  • PyPI
  • GitHub
  • Search
  • Compare
  • Advisories
  • Ecosystem
  • About

Software Composition Analysis Python Packages

Python packages with the GitHub topic software-composition-analysis. Sorted by relevance, with stars and monthly downloads.
nexB
commoncode

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

154K 3K 743
aboutcode-org
scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

97K 3K 742
duriantaco
ca9

CA9 is a local evidence engine for Python AppSec triage. It sits after scanners and before engineers waste time, proving which findings matter.

60K 5 0
jhermann
dependency-check

:closed_lock_with_key: Shim to easily install OWASP dependency-check-cli into Python projects

32K 50 12
scanoss
scanoss

The SCANOSS python package providing a simple, easy to consume library for interacting with SCANOSS APIs/Engine.

27K 40 25
sonatype-nexus-community
ossindex-lib

Python library for querying OSS Index

16K 2 4
aboutcode-org
aboutcode-pipeline

ScanCode.io is a server to script and automate software composition analysis with pipelines. This project is sponsored by the European Commission, NLnet NGI0, the Google Summer of Code, nexB and others generous sponsors!

10K 205 192
aboutcode-org
scancode-toolkit-mini

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

3K 3K 742
aboutcode-org
scancodeio

ScanCode.io is a server to script and automate software composition analysis with pipelines. This project is sponsored by the European Commission, NLnet NGI0, the Google Summer of Code, nexB and others generous sponsors!

2K 205 192
tern-tools
tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

1K 1K 187
LLNL
surfactant

Modular framework to gather file information, analyze dependencies, and generate an SBOM

1K 41 25
nexB
licensedcode-index

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

932 3K 743
nexB
licensedcode-data

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

859 3K 743
oscarvalenzuelab
semantic-copycat-src2id

Source to ID - Identify package coordinates and repositories from source code using multiple strategies

436 3 0
SemClone
src2purl

Source to PURL - Identify package coordinates and PURLs from source code using UPMEX and multiple discovery strategies

189 3 0
    • Data from PyPI, GitHub, ClickHouse, and BigQuery