Generating CycloneDX Software Bills of Materials (SBOMs) for all relevant services in a product organization takes substantial time because every team must touch its CI/CD pipelines.
A stand-alone tool released to the open-source community helps speed up the collection of SBOMs at scale for use in LeanIX VSM. Available under the Apache License (version 2.0), the tool:
Adapts to different Git setups (GitHub, GitLab, etc.)
Automatically generates SBOMs across entire Git organizations
Provides the generated SBOMs to LeanIX VSM
Significantly reduces the time-to-value in SBOM generation
In keeping with the open-source approach, contributions that further improve the tool are welcome.
The tool's technical documentation provides details for developers on how to use it.