Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

A BOM repository server for distributing CycloneDX BOMs

A standard API specification for exchanging supply chain artifacts and intelligence

A GitHub Action that creates a SBOM from your application so you can meet compliance and security requirements. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements, and has the SBOM to show it!

Find & pull public SBOMs

Dockerfile and scripts to build a container image that facilitates generating and uploading Software Bill of Materials (SBOM) to sbom.sh utilizing various open-source SBOM tools such as Trivy, Grype, and Syft.

SBOMinify is a GitHub Action to capture and list installed packages and their versions in a Docker image, generating Software Bill of Materials (SBOM) files. This action leverages some special technics to scan Docker images and output SBOM files in both table and JSON formats.