jbom, an open source project hosted by the Eclipse Foundation, generates SBOMs (software bills of materials) from any Java project. Why is that useful?
Supply chain security is all the rage right now. We've taken a look at the implications as well as the ways of mitigating them, according to the Linux Foundation's answer to supply chain attacks:
To build useful software we don't reinvent the wheel; we build on work already done, which comes bundled in the form of libraries. The problem is that even a mediocre open source project can have loads of such dependencies, which themselves depend on others, forming a lengthy chain. Not a problem per se, unless malicious code or a security vulnerability finds its way in anywhere along this chain.
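This is where an SBOM earns its keep: once the dependency graph is written down, you can ask which chains pull a given vulnerable library into the application. The script below is an added illustration, not code from jbom or the article; it assumes a CycloneDX-style JSON document (the `components` / `dependencies` layout, with `bom-ref` and `purl` fields), and the sample SBOM and the "vulnerable" version are constructed for the example.

```python
import json

# Constructed sample SBOM in CycloneDX-style JSON (assumed output format;
# the component names, versions and purls are invented for illustration).
SAMPLE_SBOM = json.loads("""{
  "metadata": {"component": {"bom-ref": "app", "name": "shop-service"}},
  "components": [
    {"bom-ref": "web",  "purl": "pkg:maven/example/web-framework@2.1.0"},
    {"bom-ref": "json", "purl": "pkg:maven/example/json-mapper@1.4.2"},
    {"bom-ref": "log",  "purl": "pkg:maven/example/log-core@3.0.1"},
    {"bom-ref": "util", "purl": "pkg:maven/example/string-utils@0.9.0"}
  ],
  "dependencies": [
    {"ref": "app",  "dependsOn": ["web", "json"]},
    {"ref": "web",  "dependsOn": ["log", "util"]},
    {"ref": "json", "dependsOn": ["log"]},
    {"ref": "log",  "dependsOn": ["util"]},
    {"ref": "util", "dependsOn": []}
  ]
}""")

def dependency_paths(sbom, target_ref):
    """All paths (lists of bom-refs) from the root component to target_ref,
    following the SBOM's dependency graph (transitive deps included)."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom["dependencies"]}
    root = sbom["metadata"]["component"]["bom-ref"]
    paths = []

    def walk(node, path):
        if node == target_ref:
            paths.append(path)
            return
        for child in graph.get(node, []):
            if child not in path:  # skip cycles in a malformed SBOM
                walk(child, path + [child])

    walk(root, [root])
    return paths

def affected_by(sbom, vulnerable_purls):
    """Map each listed vulnerable purl that the SBOM contains to the chains
    pulling it in; an empty result means the application is not exposed."""
    by_purl = {c["purl"]: c["bom-ref"] for c in sbom["components"] if "purl" in c}
    return {p: dependency_paths(sbom, by_purl[p]) for p in vulnerable_purls if p in by_purl}

if __name__ == "__main__":
    # Constructed advisory: treat string-utils 0.9.0 as the vulnerable version.
    for purl, chains in affected_by(SAMPLE_SBOM, ["pkg:maven/example/string-utils@0.9.0"]).items():
        print(purl, *(" -> ".join(c) for c in chains), sep="\n  ")
```

Run as-is it reports three distinct chains through which the application reaches `string-utils@0.9.0`, two of them via a library the application never declared directly.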
Full article on i-programmer:
https://www.i-programmer.info/news/80-java/16086-jbom-dependency-analysis-for-java-apps.html