Final Thesis: Bill of Materials Generation and Tracking

Abstract: Software projects are growing and are reusing open source components more often. Reusing components saves development costs and brings the other general benefits of using open source software. To provide an overview of the code component architecture of software projects, the Professorship for Open Source Software created a tool. The tool extracts component and license information from build artifacts and generates a model, which can be used to get an overview of all used components. Additionally, different processes can be applied to the model, for example to check for license compliance or security vulnerabilities. Another important use case is the creation of Software Bill of Materials (BoM) artifacts. The BoM describes the components and licenses in a product and is used to communicate component information throughout the software supply chain. Therefore, this thesis focuses on developing a solution to automate the generation and tracking of such BoM artifacts.

Reference: Gregor Fendt. Bill of Materials Generation and Tracking. Bachelor Thesis, Friedrich-Alexander-Universität Erlangen-Nürnberg: 2018.