
Bill of Materials (BOM) software for identifying dependencies along with versions that are out of date or vulnerable is a growing market in Government.


I can wholeheartedly recommend Syft.[0]

Decoupling SBOM data collection from vulnerability tracking (with your tool of choice) is a nice capability.

0: https://github.com/anchore/syft
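To illustrate the decoupling described above, here is an added example (not code from the thread, from Syft or from Anchore) that consumes a CycloneDX JSON SBOM, the format `syft <target> -o cyclonedx-json` emits, and checks its components against a separate advisory and latest-release table. The SBOM, the package names, the advisory ids (`ADV-EXAMPLE-…`) and the version tables are all constructed stand-ins; a real pipeline would point the same logic at an SBOM produced by Syft and a feed such as OSV or Grype's database.

```python
"""Check the components listed in a CycloneDX JSON SBOM against an advisory
table (vulnerable) and a latest-release table (out of date).

Added example; the SBOM and both tables are constructed, and the package
names and advisory ids are placeholders, not real advisories.
"""
import json

# Constructed, minimal CycloneDX 1.4-style document in the shape Syft's
# cyclonedx-json output uses. Real output carries many more fields.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "acme-logger", "version": "2.14.1",
     "purl": "pkg:maven/com.example/acme-logger@2.14.1"},
    {"type": "library", "name": "acme-http", "version": "2.31.0",
     "purl": "pkg:pypi/acme-http@2.31.0"},
    {"type": "library", "name": "acme-utils", "version": "4.17.15",
     "purl": "pkg:npm/acme-utils@4.17.15"}
  ]
}
"""

# Constructed advisory table: (purl type, name) -> [(first fixed version, id)].
# A component is affected when its version is below the first fixed version.
ADVISORIES = {
    ("maven", "acme-logger"): [("2.17.1", "ADV-EXAMPLE-0001")],
    ("npm", "acme-utils"): [("4.17.21", "ADV-EXAMPLE-0002")],
}

# Constructed latest-known-release table for the out-of-date check.
LATEST = {
    ("maven", "acme-logger"): "2.23.1",
    ("pypi", "acme-http"): "2.31.0",
    ("npm", "acme-utils"): "4.17.21",
}


def parse_version(text):
    """Turn '1.2.3' into a comparable tuple. Numeric parts compare as ints;
    non-numeric parts (e.g. 'rc1') sort after numbers within the same slot."""
    parts = []
    for piece in text.split("."):
        parts.append((0, int(piece)) if piece.isdigit() else (1, piece))
    return tuple(parts)


def purl_type(purl):
    """Return the package type of a purl, e.g. 'maven' for 'pkg:maven/...'."""
    if not purl.startswith("pkg:"):
        return None
    return purl[len("pkg:"):].split("/", 1)[0]


def load_components(sbom_text):
    """Parse a CycloneDX JSON SBOM into (type, name, version) records."""
    doc = json.loads(sbom_text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    records = []
    for comp in doc.get("components", []):
        records.append({
            "type": purl_type(comp.get("purl", "")),
            "name": comp["name"],
            "version": comp["version"],
        })
    return records


def find_vulnerable(components, advisories):
    """Return (name, version, advisory id, fixed version) for affected components."""
    findings = []
    for comp in components:
        key = (comp["type"], comp["name"])
        for fixed, adv_id in advisories.get(key, []):
            if parse_version(comp["version"]) < parse_version(fixed):
                findings.append((comp["name"], comp["version"], adv_id, fixed))
    return findings


def find_outdated(components, latest):
    """Return (name, version, latest version) for components behind the latest release."""
    stale = []
    for comp in components:
        key = (comp["type"], comp["name"])
        if key in latest and parse_version(comp["version"]) < parse_version(latest[key]):
            stale.append((comp["name"], comp["version"], latest[key]))
    return stale


if __name__ == "__main__":
    comps = load_components(SBOM_JSON)
    for name, ver, adv_id, fixed in find_vulnerable(comps, ADVISORIES):
        print(f"VULNERABLE {name} {ver}: {adv_id}, fixed in {fixed}")
    for name, ver, newest in find_outdated(comps, LATEST):
        print(f"OUTDATED   {name} {ver}: latest is {newest}")
```

Keeping the SBOM parser separate from the two checks is the point: the same `load_components` output can be fed to whichever vulnerability or licence tooling is in use, and the SBOM itself can be archived as the record of what shipped.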


I have good experience with

https://github.com/pivotal/LicenseFinder

This produces a BOM with versions, but rather than out-of-date checks it focuses on licenses, which comes in handy during acquisitions due diligence. Supports many languages.
