There is a concept of SBOM that's implemented with different standards, and one of them, CycloneDX, looks the most popular these days.
There is a repository of all the SBOM-related tools and links.
Let's say I have many services that expose their SBOM at /actuator/sbom/application or they push to an arbitrary repository.
I want a tool/platform where I can provide insights and statistics regarding dependency usage company-wide, for example, which Spring Boot version is used the most, or the same for any other library.
What could I use these days? I went through the tools on that awesome page and I cannot find anything related.
I wonder how others get global dependency insights.
This is a copy of my SOF question.
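
An added example, not part of the original question: a sketch of the aggregation described above, counting how many services use each version of a library across CycloneDX JSON documents. It assumes the SBOMs have already been fetched and parsed; the sample documents, service names, versions and function names are constructed for illustration.

```python
from collections import Counter, defaultdict

def lib(group, name, version, nested=None):
    """Build a CycloneDX component entry for the constructed samples below."""
    c = {"type": "library", "group": group, "name": name, "version": version}
    if nested:
        c["components"] = nested
    return c

def bom(service, components):
    """Wrap components in a minimal CycloneDX document for one service."""
    return {"bomFormat": "CycloneDX", "specVersion": "1.5",
            "metadata": {"component": {"name": service}},
            "components": components}

BOOT, JACKSON = "org.springframework.boot", "com.fasterxml.jackson.core"
# Constructed sample SBOMs; service names and versions are made up.
SAMPLE_BOMS = [
    bom("orders", [lib(BOOT, "spring-boot", "3.3.1"),
                   lib(JACKSON, "jackson-databind", "2.17.1")]),
    bom("billing", [lib(BOOT, "spring-boot", "3.3.1"),
                    lib("com.example", "billing-core", "1.0.0", nested=[
                        lib(BOOT, "spring-boot", "3.3.1"),
                        lib(JACKSON, "jackson-databind", "2.17.1")])]),
    bom("inventory", [lib(BOOT, "spring-boot", "3.2.5")]),
    {"spdxVersion": "SPDX-2.3"},  # not CycloneDX: must be skipped
]

def walk(components):
    """Yield every component, including nested ones (CycloneDX allows nesting)."""
    for c in components or []:
        yield c
        yield from walk(c.get("components"))

def usage_by_version(boms):
    """Map 'group:name' -> Counter(version -> number of services using it)."""
    usage = defaultdict(Counter)
    for doc in boms:
        if doc.get("bomFormat") != "CycloneDX":
            continue
        seen = set()  # count each (library, version) once per service
        for c in walk(doc.get("components")):
            if c.get("name"):
                key = f'{c["group"]}:{c["name"]}' if c.get("group") else c["name"]
                seen.add((key, c.get("version", "unknown")))
        for key, version in seen:
            usage[key][version] += 1
    return usage

def most_used(usage, library):
    """Return (version, service_count) for the most common version, or None."""
    return usage[library].most_common(1)[0] if library in usage else None
```

Counting per service rather than per occurrence keeps a library that appears several times in one SBOM (for example nested under another component) from inflating the totals.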