Let's say I have many services that expose their SBOM at /actuator/sbom/application or they push to an arbitrary repository.
I want a tool/platform where I can provide insights and statistics regarding dependency usage company-wide, for example, which Spring Boot version is used most, or any other library.
What could I use these days? I went through the tools on that awesome page and I cannot find anything related.
I wonder how others get global dependencies insights.
What you need is a tool which ingests SBOMs of either format (SPDX and CycloneDX) and then starts analysing the SBOMs to look at all of the components. I might be developing such a tool :-). Of course the big challenge is that many of the SBOM generators (I won't name names...) don't have enough information to allow for this to be reliably done.
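A sketch of the ingestion step described in the reply above, added here as an example and not taken from the thread or from any tool mentioned in it. It reads CycloneDX and SPDX JSON, keys each component by its package URL (purl), and counts how many services use each version; the function names and the sample SBOMs are constructed for illustration, and components without a purl are reported separately because they cannot be matched reliably across generators.

```python
from collections import Counter, defaultdict

def purl_key(purl):  # pkg:type/ns/name@version?qualifiers#subpath -> pkg:type/ns/name
    return purl.split("#")[0].split("?")[0].rsplit("@", 1)[0]

def components(sbom):
    """Yield (name, version, purl or None) from a CycloneDX or SPDX JSON document."""
    if sbom.get("bomFormat") == "CycloneDX":
        stack = list(sbom.get("components", []))
        while stack:
            c = stack.pop()
            stack.extend(c.get("components", []))  # CycloneDX components may nest
            yield c["name"], c.get("version"), c.get("purl")
    elif "spdxVersion" in sbom:
        for p in sbom.get("packages", []):
            purl = next((r["referenceLocator"] for r in p.get("externalRefs", [])
                         if r.get("referenceType") == "purl"), None)
            yield p["name"], p.get("versionInfo"), purl
    else:
        raise ValueError("not a CycloneDX or SPDX JSON document")

def aggregate(sboms):
    """sboms: {service: parsed SBOM}. Returns (usage, unidentified)."""
    usage = defaultdict(Counter)  # package key -> {version: number of services}
    unidentified = []             # (service, name) with no purl: cannot be matched reliably
    for service, sbom in sboms.items():
        seen = set()
        for name, version, purl in components(sbom):
            if purl:
                seen.add((purl_key(purl), version or "unknown"))
            else:
                unidentified.append((service, name))
        for key, version in seen:  # count each service once per package version
            usage[key][version] += 1
    return usage, unidentified

# Constructed sample SBOMs, trimmed to the fields used above.
BOOT = "pkg:maven/org.springframework.boot/spring-boot"
SAMPLE = {
    "orders": {"bomFormat": "CycloneDX", "components": [
        {"name": "spring-boot", "version": "3.2.5", "purl": BOOT + "@3.2.5?type=jar"},
        {"name": "internal-utils", "version": "1.0"}]},
    "billing": {"bomFormat": "CycloneDX", "components": [
        {"name": "spring-boot", "version": "3.2.5", "purl": BOOT + "@3.2.5?type=jar"}]},
    "legacy": {"spdxVersion": "SPDX-2.3", "packages": [
        {"name": "spring-boot", "versionInfo": "2.7.18", "externalRefs": [
            {"referenceType": "purl", "referenceLocator": BOOT + "@2.7.18"}]}]},
}
if __name__ == "__main__":
    print(aggregate(SAMPLE))
```

In practice the `sboms` mapping would be filled by fetching each service's SBOM document and parsing it with `json.loads`; a growing `unidentified` list is the signal that a generator is omitting identifiers.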
There is a concept of SBOM that's implemented with different standards, and one of them, CycloneDX, looks the most popular these days.
There is a repository of all the SBOM-related tools and links.
This is a copy of my SOF question.