-
dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
-
syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
We weren't happy with what was already out there, so we built our own -- https://github.com/mattermost/gobom
Currently the best one I know of is https://github.com/anchore/syft. It finds most dependencies even within built artifacts.
You can also check out the comments in https://news.ycombinator.com/item?id=32104805 - the release announcement of Salus (Microsoft)