* [Chainloop v1.83.0](https://github.com/chainloop-dev/chainloop) – Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports.

* [Grant v0.6.4](https://github.com/anchore/grant) – CLI and Go library for scanning and enforcing software licenses in container images, SBOMs, and filesystems.

* [sbomqs v2.0.5](https://github.com/interlynk-io/sbomqs) – Evaluates SBOM quality, validates compliance against standards, analyzes components, and identifies vulnerabilities.