Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. (Java, updated May 21, 2025)
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
CycloneDX SBOM Model and Utils for Creating and Validating BOMs
Lockheed Martin-developed utility to generate CycloneDX SBOMs for Linux distributions
Lockheed Martin-developed utility to compare two CycloneDX SBOMs
GitHub app for SBOM creation using cdxgen and upload to Dependency-Track
ReARM SBOM / xBOM Repository and Release Management
Lockheed Martin-developed utility to combine multiple CycloneDX SBOMs
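Comparing and combining CycloneDX SBOMs both come down to choosing a stable identity for each component. The script below is an added illustration of that idea and is not code from any of the Lockheed Martin utilities listed here: it keys components on their Package URL (purl), falling back to name@version when a purl is missing, diffs two BOMs, merges a list of BOMs into one, and flags names that end up with several versions after the merge. The two input BOMs are constructed inline for the example; the CycloneDX 1.5 JSON field names (`bomFormat`, `specVersion`, `serialNumber`, `metadata`, `components`, `purl`) follow the specification, while the sample package names, the `example-app` subject and the merge policy (first occurrence of a purl wins) are assumptions made for the demo.

```python
"""Diff and merge CycloneDX JSON BOMs keyed by Package URL (purl).

Added example: not part of any tool on this page.
"""
import json
import uuid
from datetime import datetime, timezone

# Constructed sample BOMs for illustration (not output of any real scanner).
BOM_A = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "components": [
        {"type": "library", "name": "log4j-core", "version": "2.17.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"},
        {"type": "library", "name": "jackson-databind", "version": "2.15.2",
         "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2"},
    ],
}
BOM_B = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "components": [
        {"type": "library", "name": "jackson-databind", "version": "2.15.2",
         "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2"},
        {"type": "library", "name": "jackson-databind", "version": "2.13.4",
         "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4"},
        {"type": "library", "name": "commons-text", "version": "1.10.0",
         "purl": "pkg:maven/org.apache.commons/commons-text@1.10.0"},
    ],
}


def check_bom(bom):
    """Reject anything that is not shaped like a CycloneDX JSON BOM before using it."""
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX BOM")
    if not isinstance(bom.get("components", []), list):
        raise ValueError("components must be a list")


def component_key(comp):
    """purl is the canonical identity; name@version is the fallback when it is absent."""
    return comp.get("purl") or f"{comp.get('name')}@{comp.get('version')}"


def components_by_key(bom):
    check_bom(bom)
    return {component_key(c): c for c in bom.get("components", [])}


def diff_boms(old, new):
    """Return which component identities were added, removed, or kept between two BOMs."""
    a, b = components_by_key(old), components_by_key(new)
    return {
        "added": sorted(b.keys() - a.keys()),
        "removed": sorted(a.keys() - b.keys()),
        "unchanged": sorted(a.keys() & b.keys()),
    }


def merge_boms(boms, subject):
    """Combine several BOMs into one; the first occurrence of a purl wins (assumed policy)."""
    merged = {}
    for bom in boms:
        for key, comp in components_by_key(bom).items():
            merged.setdefault(key, comp)
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "serialNumber": f"urn:uuid:{uuid.uuid4()}",  # fresh identity for the new document
        "version": 1,
        "metadata": {
            "timestamp": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "component": subject,  # what the merged BOM describes
        },
        "components": [merged[k] for k in sorted(merged)],
    }


def version_conflicts(bom):
    """Names that appear with more than one version; worth a look after a merge."""
    versions = {}
    for c in bom.get("components", []):
        versions.setdefault(c.get("name"), set()).add(c.get("version"))
    return {name: sorted(v) for name, v in versions.items() if len(v) > 1}


if __name__ == "__main__":
    print(json.dumps(diff_boms(BOM_A, BOM_B), indent=2))
    subject = {"type": "application", "name": "example-app", "version": "1.0.0"}
    combined = merge_boms([BOM_A, BOM_B], subject)
    print(json.dumps(version_conflicts(combined), indent=2))
```

Keying on purl rather than on name alone is what makes the diff meaningful: the same library at two versions is two distinct components, and the merge keeps both so that `version_conflicts` can surface them for review instead of silently collapsing them.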
SBOM-in-a-Box is a unified platform to promote the production, consumption, and utilization of Software Bills of Materials.
Detects licenses and dependencies by scanning your project or repositories to discover the open source and third-party packages used in your code.
A Java library for creating and consuming SBOMs in Standard BOM format
Lockheed Martin-developed common SBOM library
jQAssistant plugin to scan and analyze CycloneDX files (e.g. SBOMs).
Lockheed Martin-developed common library to combine multiple SBOMs
Lockheed Martin-developed Java utility to generate CycloneDX SBOMs for Linux distributions, modified to interrogate specific Debian packages.