supply-chain-security — independent software & tools
-
trusca
Self-hosted, open-source SCA portal — vulnerability (CVE), license compliance, and SBOM management in one UI. Black Duck/Snyk-class capabilities, Apache-2.0.
-
gradle-wrapper-validator
A validator for gradle/wrapper jar binaries, intended to be used in CI pipelines.