Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX

Semantic SBOM/CBOM diff, quality scoring, and TUI analysis tool for CycloneDX/SPDX — covering component changes, dependency shifts, license conflicts, vulnerabilities, cryptographic inventory grading, and PQC compliance (CNSA 2.0, NIST IR 8547).

Functionality and DataModels of OWASP CycloneDX for Python

A toolset for dealing with Cryptography Bill of Materials (CBOM)

This repository contains a SonarQube Plugin that detects cryptographic assets in source code and generates CBOM.

A tool for detecting cryptographic assets in container images and directories, and generating CBOMs.

GitHub Action to generate Cryptography Bill of Materials (CBOM)

Data and schema powering the worlds largest collection of SBOM/xBOM products, projects, and services

Présentation sur la sécurisation de la chaîne d'approvisionnement logicielle via les Software Bill Of Materials

BF-CBOM: Your Best Friend for Generating, Understanding, and Comparing Cryptography Bills of Material (CBOMs)

Cryptographic Discovery Scanner - Find every cryptographic algorithm in your codebase and now your quantum risk - part of the QRAMM Toolkit by CSNP

CLI tool to scan filesystems, containers, and network ports for cryptographic assets and generate a CycloneDX CBOM.

TLS/SSL security analyzer for quantum readiness assessment and CNSA 2.0 compliance

A testbed for benchmarking Cryptographic Bills of Materials (CBOMs).

Cryptographic Dependency Scanner - Identify quantum-vulnerable cryptographic algorithms in your software dependencies. Part of the QRAMM Toolkit.

Post-quantum cryptography scanner: detects quantum-vulnerable algorithms across 14+ languages with CycloneDX 1.7 CBOM output and CNSA 2.0 compliance checking

Scan codebases for quantum-vulnerable cryptography. Detect RSA, ECDSA, Ed25519, ECDH before Q-Day. CycloneDX CBOM + SARIF output.

Open-source tools for post-quantum cryptography readiness assessment