
Credits & Acknowledgements

This project leverages several open-source tools and APIs, contributing significantly to its functionality and effectiveness. We extend our sincere thanks to the developers and maintainers of these resources.

Tools

Syft:

  • A powerful CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. GitHub Repository

Grype:

  • A vulnerability scanner for container images and filesystems, offering an easy and accessible way to find vulnerabilities in your projects. GitHub Repository

CCScanner:

  • An advanced tool focused on unraveling and managing the intricacies of Third-Party Library (TPL) dependencies within the C/C++ ecosystem, a domain previously less explored due to the absence of a unified package manager. GitHub Repository. Read the Paper on arXiv

CENTRIS:

  • A precise and scalable methodology for identifying the reuse of modified open-source software (OSS), addressing the challenges of vulnerability propagation and license violation inherent in unmanaged OSS components. Read the Paper on arXiv

Binwalk:

  • "Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images". GitHub Repository

APIs

NIST Vulnerabilities API:

  • Provides access to the National Vulnerability Database (NVD), a comprehensive repository of vulnerability management data. API Documentation

NIST Products API:

  • Allows querying of product information to assist in understanding the impact of vulnerabilities. API Documentation

OpenAI's ChatGPT 3.5 Turbo:

  • ChatGPT 3.5 Turbo's natural language processing capabilities allow it to interpret complex vulnerability descriptions and map them to the most relevant CWE categories.

The use of these tools and APIs has been instrumental in the development of our project. We are grateful for the support and contributions of the open-source community.