(alphabetical order)
- CycloneDX: A lightweight software bill-of-materials (SBOM) specification
- GitHub Dependency Submission API: Allows third-party tools to submit dependency data to GitHub for inclusion in a repository's dependency graph
- OWASP Dependency-Track: Open source component analysis platform
- OSS Index: A free catalog of Open Source Components and scanning tools to help developers identify vulnerable components
- OSS Review Toolkit: A suite of tools to assist with automating Open Source compliance checks
- OSV Schema and OSV.dev: Open Source Vulnerability Schema and distributed vulnerability database
- Scancode Toolkit: Reports purl from parsed package manifests using https://github.com/package-url/packageurl-python
- Sonatype Nexus Lifecycle: Enterprise-grade Open Source component management
- SPDX: A data exchange standard for human-readable and machine-processable software bill-of-materials (SBOM)