Bill of Materials (BOM) software for identifying dependencies along with versions that are out of date or vulnerable is a growing market in Government.



I can wholeheartedly recommend Syft.[0]

Decoupling SBOM data collection from vulnerability tracking (with your tool of choice) is a nice capability.

0: https://github.com/anchore/syft


I have good experience with

https://github.com/pivotal/LicenseFinder

This produces a BOM with versions, but rather than out-of-date versions it focuses on licenses, which comes in handy during acquisitions due diligence. Supports many languages.
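As an added example (not code from Syft, LicenseFinder, or either commenter), a small Python consumer that takes an SBOM in the CycloneDX JSON format Syft can emit and runs two independent checks over it: matching component versions against a vulnerability table, the decoupled "vulnerability tracking with your tool of choice" the Syft comment describes, and checking declared licenses against an allow-list, the license focus the LicenseFinder comment describes. The SBOM, the advisory table (ids `HYPO-*`), the package names and the license policy are all constructed for this example; none of them refer to real packages or real advisories.

```python
"""Two independent checks over one SBOM: vulnerable versions and license policy.

Added example, not Syft's, LicenseFinder's or the commenters' code. The SBOM,
advisory table and license allow-list below are constructed for illustration;
the acme-* package names and HYPO-* ids do not refer to real software or real
advisories.
"""
import json

# Constructed SBOM in CycloneDX JSON shape (the structure Syft's CycloneDX JSON
# output uses), written by hand with fictional packages.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "acme-http", "version": "2.25.1",
     "purl": "pkg:pypi/acme-http@2.25.1",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "acme-pad", "version": "0.9.0",
     "purl": "pkg:npm/acme-pad@0.9.0",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    {"type": "library", "name": "acme-compress", "version": "1.2.11",
     "purl": "pkg:generic/acme-compress@1.2.11",
     "licenses": [{"license": {"id": "Zlib"}}]},
    {"type": "library", "name": "acme-tiny", "version": "0.1.0",
     "purl": "pkg:generic/acme-tiny@0.1.0"}
  ]
}
"""

# Constructed advisory table keyed by version-less purl. "fixed_in" means every
# earlier version is affected. HYPO-* ids are placeholders, not real identifiers.
ADVISORIES = {
    "pkg:pypi/acme-http": [{"id": "HYPO-0001", "fixed_in": "2.26.0"}],
    "pkg:generic/acme-compress": [{"id": "HYPO-0002", "fixed_in": "1.2.11"}],
}

# Constructed license policy: anything not listed (including unknown) is flagged.
ALLOWED_LICENSES = {"Apache-2.0", "MIT", "BSD-3-Clause", "Zlib"}


def load_components(sbom_json: str) -> list:
    """Parse the document and return its component list, refusing non-CycloneDX input."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return doc.get("components", [])


def split_purl(purl: str) -> tuple:
    """Split 'pkg:type/name@version[?qualifiers][#subpath]' into (name, version).

    Qualifiers and subpath come after the version in the purl spec, so they are
    stripped first; the '@' in npm scopes is percent-encoded in purls, so the
    last '@' is always the version separator.
    """
    base = purl.split("?", 1)[0].split("#", 1)[0]
    name, _, version = base.rpartition("@")
    if not name or not version:
        raise ValueError(f"purl lacks a version: {purl}")
    return name, version


def version_key(version: str) -> tuple:
    """Sort key for dotted numeric versions; non-numeric segments sort as -1.

    A deliberate simplification: real tooling needs ecosystem-specific ordering.
    """
    return tuple(int(p) if p.isdigit() else -1 for p in version.split("."))


def vulnerable_components(components: list, advisories: dict) -> list:
    """Return (purl, advisory id, fixed_in) for every component below a fix version."""
    findings = []
    for comp in components:
        name, version = split_purl(comp["purl"])
        for adv in advisories.get(name, []):
            if version_key(version) < version_key(adv["fixed_in"]):
                findings.append((comp["purl"], adv["id"], adv["fixed_in"]))
    return findings


def license_violations(components: list, allowed: set) -> list:
    """Return (purl, [offending license labels]); missing licenses count as UNKNOWN."""
    out = []
    for comp in components:
        labels = []
        for entry in comp.get("licenses", []):
            if "expression" in entry:
                labels.append(entry["expression"])
            else:
                lic = entry.get("license", {})
                labels.append(lic.get("id") or lic.get("name") or "UNKNOWN")
        if not labels:
            labels = ["UNKNOWN"]
        bad = [label for label in labels if label not in allowed]
        if bad:
            out.append((comp["purl"], bad))
    return out


def report(sbom_json: str, advisories: dict, allowed: set) -> dict:
    """Run both checks over one SBOM; collection and checking stay separate."""
    comps = load_components(sbom_json)
    return {
        "vulnerable": vulnerable_components(comps, advisories),
        "license_violations": license_violations(comps, allowed),
    }


if __name__ == "__main__":
    for section, items in report(SBOM_JSON, ADVISORIES, ALLOWED_LICENSES).items():
        print(section)
        for item in items:
            print("  ", item)
```

The point of the structure is that `load_components` is the only place that knows the SBOM format: the advisory feed and the license policy are plain data that can be swapped without re-scanning the artifact, which is what makes collecting the SBOM once and tracking against it with a separate tool practical.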

