• wizzim@infosec.pub
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    8 months ago

    +1

    Shameless plug to the OSS Review Toolkit project (https://oss-review-toolkit.org/ort/) which analyze your package manager, build a dependency tree and generates a SBOM for you. It can also check for vulnerabilitiea with the help of VulnerableCode.

    It is mainly aimed at OSS Compliance though.

    (I am a contributor)