Parse, generate, and validate Software Bill of Materials (SBOM)

Storing multiple tarballs in git to save space

Personal blog built with Jekyll and hosted on GitHub Pages. I write about package management, software supply chain security, and open source infrastructure.

Content for GitHub profile

Every awesome list on every topic, including awesome lists of awesome lists, updated daily.

Content-addressed vulnerability identifiers

Static analysis for GitHub Actions

A Ruby gem for parsing, comparing and sorting versions according to the VERS spec.

A fast Sass compiler for Ruby, powered by grass (Rust)

A Ruby library for parsing, validating, and generating Package URLs (PURLs) as defined by the PURL specification

Generate Go module zip digests compatible with sum.golang.org

Generate and parse SoftWare Hash IDentifiers (SWHIDs)

A Ruby SDK for SARIF (Static Analysis Results Interchange Format) 2.1.0.

Ruby bindings for diffoscope - Compare packages, tarballs, files, URLs, or package URLs

Go-style imports for Ruby

Parse changelog files into structured data

Detect potential typosquatting packages across package ecosystems

A Sidekiq plugin that provides an MCP (Model Context Protocol) server for LLMs to interact with Sidekiq queues, stats, and failed jobs

Semantic diff for JSON files using JSON Schema metadata

GitHub action to upgrade version of Ruby in various places to the latest

Jekyll plugin that generates site statistics

A Go library and CLI for computing Software Heritage Identifiers (SWHIDs).

Is InnerSource Commons good for open source?

An alternative to hanami-assets that doesn't rely on npm

Ruby wrapper for the GitLab REST API, a fork of github.com/NARKOZ/gitlab updated to use Faraday

Paper Bill of Materials (PBOM) - Generate a paper bill of materials from the software of a paper