Inventory the components in your Nexus repository to spot known security or license issues. Not using Nexus? Try it for free.
Inventory the components in an application to discover known security or license issues. Create a bill of materials.
Modern software is assembled from a wide variety of reusable software ‘building blocks’, which are largely open source components downloaded from public repositories or third-party commercial components. Due to a lack of visibility and automation, developers inadvertently choose components with known security vulnerabilities and restrictive licenses. In fact, defective and outdated components are often chosen when better and safer versions have been available for years.
Similar to a “bill of materials”, which is used in traditional manufacturing supply chains to track the suppliers, parts and versions used to build products, a ‘software bill of materials’ (also known as a BoM) is used to inventory the components used to build software. Find out why it's important, what to look for when choosing a BoM provider, and what Sonatype provides.