Skip to main content
  • Log in
  • Manage Cookies
projects.eclipse.org
Download
  • Projects
  • Working Groups
  • Members
  • Community
    • Marketplace
    • Events
    • Planet Eclipse
    • Newsletter
    • Videos
    • Blogs
  • Participate
    • Report a Bug
    • Forums
    • Mailing Lists
    • Wiki
    • IRC
    • Research
  • Eclipse IDE
    • Download
    • Learn More
    • Documentation
    • Getting Started / Support
    • How to Contribute
    • IDE and Tools
    • Newcomer Forum
  • More
      • Community

      • Marketplace
      • Events
      • Planet Eclipse
      • Newsletter
      • Videos
      • Blogs
      • Participate

      • Report a Bug
      • Forums
      • Mailing Lists
      • Wiki
      • IRC
      • Research
      • Eclipse IDE

      • Download
      • Learn More
      • Documentation
      • Getting Started / Support
      • How to Contribute
      • IDE and Tools
      • Newcomer Forum
    • Search

  1. Home
  2. Projects
  3. Eclipse Technology
  4. Eclipse jbom

Eclipse jbom

Primary tabs

  • Overview(active tab)
  • Downloads
  • Who's Involved
  • Developer Resources
  • Governance
  • Contact Us

Every software project ideally should create a Software Bill of Materials (SBOM) and make it available to the public, so that people know the exact version and other details about libraries leveraged by the project.

Eclipse jbom generates "Runtime SBOM" by directly measuring library use in a running application (both local and remote). This is the most accurate approach as it captures the exact libraries used by the application, even if they are in the platform, appserver, plugins, or anywhere else. This approach also include details of services invoked and which libraries are active. Eclipse jbom also offers the possibility to generate static SBOMs both from source and binaries.

Eclipse jbom:

  • offers a fast, complete, and accurate SBOM generator
  • produces standard CycloneDX SBOM in JSON format
  • works on both running apps/APIs and binaries
  • finds all libraries, including platform, appserver, plug-in, and dynamic sources
  • doesn't report test or other libraries not present at runtime
  • handles nested jar, war, ear, and zip files (including Spring)
  • handles jars using common shaded and relocation techniques
  • no source code required
Licenses: 
Apache License, Version 2.0

The content of this open source project is received and distributed under the license(s) listed above. Some source code and binaries may be distributed under different terms. Specific license information is provided in file headers and in NOTICE files distributed with the project's binaries.

Active Member Companies: 
Member companies supporting this project over the last three months.
    Contribution Activity: 
    Commits on this project (last 12 months).
    Incubating - Eclipse jbom

    Related Projects

    Project Hierarchy:

    • Eclipse Technology
    • Eclipse jbom

    Eclipse Foundation

    • About Us
    • Contact Us
    • Sponsor
    • Members
    • Governance
    • Code of Conduct
    • Logo and Artwork
    • Board of Directors
    • Careers

    Legal

    • Privacy Policy
    • Terms of Use
    • Copyright Agent
    • Eclipse Public License
    • Legal Resources

    Useful Links

    • Report a Bug
    • Documentation
    • How to Contribute
    • Mailing Lists
    • Forums
    • Marketplace

    Other

    • IDE and Tools
    • Projects
    • Working Groups
    • Research@Eclipse
    • Report a Vulnerability
    • Service Status

    Copyright © Eclipse Foundation. All Rights Reserved.

    Back to the top