Software Bill of Materials - Dependency List

Hello,

We have a requirement for our project to track information about software components, such as version, author, dependencies, etc. of our project, and generate a list of those software components. I was wondering if there is a tool that we could potentially use to generate this report. I came across Library dependency finder and was hoping this information could potentially be extracted from the tool. Any help is appreciated!

There has been an issue open for it for a long time: Generate project SBOM in SPDX format · Issue #4247 · platformio/platformio-core · GitHub

So, since that is not implemented, the only way I see it being done is manually or half-manually with the help of the library dependency finder and the “packages:” output (don’t forget the framework etc.).


Thank you for your response! I agree that using library dependency finder is the way to go for now. I am curious about what information I can extract from the packages output that you mentioned. I would also like to know how to extract the PlatformIO board framework dependencies, for example the version information of the Arduino framework and Adafruit framework.
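
What the half-manual route discussed above can look like, as an added example that is not part of the thread: a Python parser that pulls platform, package (framework, toolchain) and library versions out of verbose build output. The log excerpt is constructed, and the layout of its PACKAGES and Dependency Graph sections is an assumption to check against your own `pio run -v` output.

```python
import json
import re

# Constructed sample of verbose build output. The section layout is an
# assumption; compare it with a real log before relying on the parser.
SAMPLE_LOG = """\
PLATFORM: Espressif 32 (5.2.0) > Espressif ESP32 Dev Module
PACKAGES:
 - framework-arduinoespressif32 @ 3.20005.220925 (2.0.5)
 - tool-esptoolpy @ 1.40201.0 (4.2.1)
 - toolchain-xtensa-esp32 @ 8.4.0+2021r2-patch3
LDF: Library Dependency Finder
Dependency Graph
|-- Adafruit NeoPixel @ 1.10.6
|-- Adafruit BusIO @ 1.14.1
|   |-- Wire @ 2.0.0
|   |-- SPI @ 2.0.0
Building in release mode
"""

PLATFORM_RE = re.compile(r"^PLATFORM:\s*(.+?)\s+\(([^)]+)\)")
PACKAGE_RE = re.compile(r"^\s*-\s+(\S+)\s+@\s+(\S+)(?:\s+\(([^)]+)\))?\s*$")
LIB_RE = re.compile(r"^([| ]*)\|--\s+(.+?)\s+@\s+(\S+)")

def parse_build_log(text):
    """Return one dict per component found in the build log."""
    components, section, parents = [], None, {}
    for line in text.splitlines():
        if m := PLATFORM_RE.match(line):
            components.append({"type": "platform", "name": m[1], "version": m[2]})
        elif line.startswith("PACKAGES:"):
            section = "packages"
        elif line.startswith("Dependency Graph"):
            section = "libs"
        elif section == "packages" and (m := PACKAGE_RE.match(line)):
            entry = {"type": "package", "name": m[1], "version": m[2]}
            if m[3]:  # parenthesised value, assumed to be the upstream release
                entry["upstream_version"] = m[3]
            components.append(entry)
        elif section == "libs" and (m := LIB_RE.match(line)):
            depth = len(m[1]) // 4  # each nesting level indents by "|   "
            parents[depth] = m[2]
            components.append({"type": "library", "name": m[2], "version": m[3],
                               "required_by": parents.get(depth - 1)})
        else:
            section = None  # any other line ends the current section
    return components

if __name__ == "__main__":
    print(json.dumps(parse_build_log(SAMPLE_LOG), indent=2))
```

The output is a plain component list, not an SPDX document; author and license fields would still have to be filled in from each library's own metadata.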