* [Chainloop v1.83.0](https://github.com/chainloop-dev/chainloop) – Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports.
* [CycloneDX Generator (cdxgen) v12.1.2](https://github.com/cdxgen/cdxgen) – CLI, library, REPL, and server generating CycloneDX Bill of Materials (BOM) in JSON for projects and container images.
* [Macaron v0.22.0](https://github.com/oracle/macaron) – Supply chain security analysis tool focused on verifying build integrity and detecting malicious or vulnerable software artifacts.
* [Grant v0.6.4](https://github.com/anchore/grant) – CLI and Go library for scanning and enforcing software licenses in container images, SBOMs, and filesystems.
* [sbomqs v2.0.5](https://github.com/interlynk-io/sbomqs) – Evaluates SBOM quality, validates compliance against standards, analyzes components, and identifies vulnerabilities.