shiftleftcyber/sbom-signing-best-practices

A multi-language reference implementation for computing canonical SBOM hashes. Supports CycloneDX v1.7 & SPDX v2.2, v3.0 (JSON) to demonstrate cross-language interoperability and best practices for SBOM signing and verification.

GitHub repository with 5 stars and 0 forks.

Language: Java

Topics: cyclonedx, sbom, spdx, canonicalization, go, java, javascript, jcs, jsf, json


Latest metric snapshot

2026-06-05: 5 stars and 0 forks.

Similar repositories

  1. DependencyTrack/dependency-track

    Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

    GitHub repository with 3,910 stars and 748 forks.

    Trending score: 1.52; stars gained: +2; forks gained: +0.

    Language: Java

    Topics: appsec, bill-of-materials, bom, component-analysis, cyclonedx, devsecops

  2. relizaio/rearm

    ReARM - Release Governance Platform for the Agentic Era

    GitHub repository with 119 stars and 9 forks.

    Trending score: 0.23; stars gained: +0; forks gained: +0.

    Language: Java

    Topics: release, release-automation, release-engineering, release-management, sbom, sbom-distribution

Trending in Java

  1. opendataloader-project/opendataloader-pdf

    PDF Parser for AI-ready data. Automate PDF accessibility. Open-source.

    GitHub repository with 25,049 stars and 2,364 forks.

    Trending score: 4.94; stars gained: +514; forks gained: +54.

    Language: Java

    Topics: a11y, accessibility, ai, bounding-box, document-parsing, eaa

  2. skylot/jadx

    Dex to Java decompiler

    GitHub repository with 49,065 stars and 5,547 forks.

    Trending score: 3.93; stars gained: +205; forks gained: +13.

    Language: Java

  3. NationalSecurityAgency/ghidra

    Ghidra is a software reverse engineering (SRE) framework

    GitHub repository with 69,674 stars and 7,648 forks.

    Trending score: 3.84; stars gained: +105; forks gained: +11.

    Language: Java

    Topics: disassembler, reverse-engineering, software-analysis

  4. agentscope-ai/agentscope-java

    AgentScope Java: Agent-Oriented Programming for Building LLM Applications

    GitHub repository with 3,826 stars and 819 forks.

    Trending score: 3.82; stars gained: +104; forks gained: +22.

    Language: Java

    Topics: agent, agentic, agentic-ai, ai, llm

  5. alibaba/spring-ai-alibaba

    Agentic AI Framework for Java Developers

    GitHub repository with 10,014 stars and 2,232 forks.

    Trending score: 3.45; stars gained: +80; forks gained: +23.

    Language: Java

  6. bethington/ghidra-mcp

    Ghidra MCP Server — 200+ MCP tools for AI-powered reverse engineering. GUI plugin + headless server, lazy tool loading, convention enforcement, batch operations, Ghidra Server integration, and Docker deployment.

    GitHub repository with 2,440 stars and 32 forks.

    Trending score: 3.42; stars gained: +86; forks gained: +6.

    Language: Java

    Topics: binary-analysis, ghidra, java, mcp, model-context-protocol, python

Trending topic: cyclonedx

  1. anchore/grype

    A vulnerability scanner for container images and filesystems

    GitHub repository with 12,413 stars and 812 forks.

    Trending score: 2.73; stars gained: +25; forks gained: +4.

    Language: Go

    Topics: container-image, containers, cyclonedx, docker, go, golang

  2. DependencyTrack/dependency-track

    Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

    GitHub repository with 3,910 stars and 748 forks.

    Trending score: 1.52; stars gained: +2; forks gained: +0.

    Language: Java

    Topics: appsec, bill-of-materials, bom, component-analysis, cyclonedx, devsecops

  3. package-url/purl-spec

    A minimal specification for purl, a.k.a. a package "mostly universal" URL; join the discussion at https://gitter.im/package-url/Lobby

    GitHub repository with 1,055 stars and 236 forks.

    Trending score: 1.27; stars gained: +2; forks gained: +1.

    Language: Python

    Topics: purl, package-url, package, url, cyclonedx, dependencies

  4. oss-review-toolkit/ort

    A suite of tools to automate software compliance checks.

    GitHub repository with 2,033 stars and 382 forks.

    Trending score: 0.90; stars gained: +1; forks gained: +0.

    Language: Kotlin

    Topics: compliance, copyright, cra, cyclonedx, dependencies, dependency-graph

  5. cdxgen/cdxgen

    Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrates into your CI/CD pipeline with automatic submission to a Dependency-Track server.

    GitHub repository with 989 stars and 254 forks.

    Trending score: 0.74; stars gained: +0; forks gained: +0.

    Language: JavaScript

    Topics: bom, sca, cyclonedx, sbom, docker, oci

  6. CycloneDX/cyclonedx-node-npm

    Create CycloneDX Software Bill of Materials (SBOM) from Node.js NPM projects.

    GitHub repository with 145 stars and 29 forks.

    Trending score: 0.73; stars gained: +1; forks gained: +0.

    Language: JavaScript

    Topics: bill-of-materials, bom, cyclonedx, dependency-graph, hacktoberfest, node