stevespringett

Highlights

  • Pro

Organizations

@OWASP @CycloneDX @package-url @DependencyTrack @Ecma-TC54

Pinned

  1. DependencyTrack/dependency-track Public

    Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

    Java 2.5k 536

  2. CycloneDX/specification Public

    OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, an…

    XSLT 344 56

  3. package-url/purl-spec Public

    A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby

    645 152

  4. OWASP/Software-Component-Verification-Standard Public

    Software Component Verification Standard (SCVS)

    Python 132 36

  5. CPE-Parser Public

    A utility for validating and parsing Common Platform Enumeration (CPE) v2.2 and v2.3 as originally defined by MITRE and maintained by NIST

    Java 46 15

  6. cvss-calculator Public

    A Java library for calculating CVSSv2 and CVSSv3 scores and vectors

    Java 35 22