S
SBOM

Projects with this topic

View Dependency Scanning project

GitLab.org / security-products / analyzers / Dependency Scanning

Analyzer that scans for application dependencies.

Dependency S... GL-Secure GL-Secure-An... SBOM cyclonedx software com...

6

Updated May 13, 2026

6 14 27

Updated May 13, 2026
View glc-code-scan project

scanoss / glc-code-scan
CI/CD Catalog

Integrate SCANOSS Platform with Gitlab

GitLab CICD ... SBOM

1

Updated May 11, 2026

1 0 1 0

Updated May 11, 2026
View SecAssessment-GapDetection-Thesis project

ThesisGroup / SecAssessment-GapDetection-Thesis

D3FENDer is a security assessment and gap detection tool developed by Michael Favvas for his thesis titled "Development of a security assessment and gap detection system using the MITRE ATT&CK and D3FEND Frameworks". It uses a rule based system to grade an organization's defenses based on the input. It then detects possible gaps and suggests mitigations based on the MITRE ATT&CK and D3FEND Knowledge Bases. The tool can be used in SOC work flows.

cybersecurity devsecops Python security-audit Docker SBOM rule-engine JSON SQLite

1

Updated May 08, 2026

1 0

Updated May 08, 2026
View trivy project

gmss / support / gitlab-ci-templates / trivy

Gitlab CI/CD template that facilitates scan targets against security issues

GitLab CI/CD container-se... SBOM trivy

0

Updated May 04, 2026

0 0 0 0

Updated May 04, 2026
View Helm Auditor project

Lisandro Fernández Rocha / Helm Auditor

Kubernetes-native Helm auditor for supply chain security, aggregating SBOM, vulnerability, and provenance data.

Kubernetes helm supply-chain... devsecops SBOM container-se...

0

Updated May 02, 2026

0 0 0 0

Updated May 02, 2026
View tach project

GitLab.com / Public Sector Tools / tach

DevSecOps health check for GitLab Self-Managed instances.

SBOM airgap cli cosign devsecops GitLab Go health-check metrics self-managed

0

Updated Apr 30, 2026

0 0 0 0

Updated Apr 30, 2026
View Dependency Scanning project

GitLab components / Dependency Scanning
CI/CD Catalog

BETA: Dependency Scanning for supported projects

Dependency S... security dataset software com... cyclonedx SBOM

6

Updated Apr 30, 2026

6 6 1

Updated Apr 30, 2026
View closure-check project

GitLab.com / Public Sector Tools / closure-check

[Reference tool] Analyze SBOM dependency graph complexity to predict BuildDependencyGraphWorker performance. CycloneDX and SPDX 2.3. No compiled artifact.

reference SBOM cyclonedx Python supply-chain

1

Updated Apr 16, 2026

1 1 0

Updated Apr 16, 2026
View Metaport Python Agent project

dcentrica / Metaport / Metaport Python Agent

A package for installation into Python web-projects, for reporting data to a Metaport server.

Python Metaport SBOM end-of-life

0

Updated Mar 26, 2026

0 0 0 5

Updated Mar 26, 2026
View Metaport PHP Agent project

dcentrica / Metaport / Metaport PHP Agent

A package for installation into PHP web-projects, for reporting data to a Metaport server.

PHP Metaport SBOM end-of-life

2

Updated Mar 26, 2026

2 0 0 10

Updated Mar 26, 2026
View Metaport .Net Agent project

dcentrica / Metaport / Metaport .Net Agent

A package for installation into .Net projects, for reporting data to a Metaport server.

.NET Metaport SBOM end-of-life

0

Updated Feb 10, 2026

0 0 0 2

Updated Feb 10, 2026
View aws-gitlab-lab project

Mike Fernandez / aws-gitlab-lab

A fully automated 13-stage DevSecOps CI/CD pipeline that integrates security, compliance, and cloud-native deployment using GitLab CI and Amazon EKS.

The pipeline demonstrates real-world DevSecOps practices including:

• SAST, dependency, container, IaC, and Kubernetes manifest scanning • SBOM generation (CycloneDX) • Automated POA&M creation mapped to NIST controls • Evidence packaging for compliance audits • Secure image push to Amazon ECR • Deployment and validation on Amazon EKS • Full run-to-completion behavior (lab mode) with findings documented rather than blocking

This project showcases an end-to-end secure software supply chain workflow suitable for: cloud engineering, DevOps, cybersecurity, and compliance automation demonstrations.

devsecops cicd gitlab-ci Amazon Web S... eks.kubernetes Terraform iac SBOM security-sca... Compliance NIST automation cloud-native Docker

1

Updated Feb 08, 2026

1 0

Updated Feb 08, 2026
View Metaport NodeJS Agent project

dcentrica / Metaport / Metaport NodeJS Agent

A package for installation into NodeJS web-projects, for reporting data to a Metaport server.

nodejs NodeJS Module Metaport SBOM end-of-life

0

Updated Jan 20, 2026

0 0 0 9

Updated Jan 20, 2026
View VEX exporter project

GitLab components / sbom / VEX exporter
CI/CD Catalog

VEX exporter for GitLab projects using Dependency Scanning

vex SBOM

2

Updated Jan 13, 2026

2 1 0 0

Updated Jan 13, 2026
View SBOM Generator project

GitLab components / sbom / SBOM Generator
CI/CD Catalog

CI/CD component to extract SBOMs from GitLab projects.

SBOM

7

Updated Jan 13, 2026

7 1 0 8

Updated Jan 13, 2026
View DevSecOps-Pipeline-poc project

Gautam / DevSecOps-Pipeline-poc

An end to end DevSecOps pipeline with features including SAST Scanning of the Source code, SBOM management, and Container image scan, before pushing to EKS.

devsecops SAST SBOM trivy eks

0

Updated May 22, 2025

0 0 0

Updated May 22, 2025
View metaeffekt-automation project

metaeffekt / metaeffekt-automation
CI/CD Catalog (unpublished)

This project illustrates the use of metaeffekt Kontinuum within Gitlab.

SBOM license-scanner open-source-... ci cd CVE CPE vulnerabilit... vulnerabilit... vulnerability vulnerabilit... software-ass...

1

Updated Jan 17, 2025

1 0 0 0

Updated Jan 17, 2025