Every software project ideally should create a Software Bill of Materials (SBOM) and make it available to the public, so that people know the exact version and other details about libraries leveraged by the project.
Eclipse jbom generates "Runtime SBOM" by directly measuring library use in a running application (both local and remote). This is the most accurate approach as it captures the exact libraries used by the application, even if they are in the platform, appserver, plugins, or anywhere else. This approach also include details of services invoked and which libraries are active. Eclipse jbom also offers the possibility to generate static SBOMs both from source and binaries.
Eclipse jbom:
- offers a fast, complete, and accurate SBOM generator
- produces standard CycloneDX SBOM in JSON format
- works on both running apps/APIs and binaries
- finds all libraries, including platform, appserver, plug-in, and dynamic sources
- doesn't report test or other libraries not present at runtime
- handles nested jar, war, ear, and zip files (including Spring)
- handles jars using common shaded and relocation techniques
- no source code required
Licenses: