I had worked on designing and building an SBOM generation solution in a DevSecOps pipeline. At the same time, I was building lots of micro-services and following different build patterns for them. Soon, I realized there were some gaps in the use of my own tool on my own micro-services for complete SBOM generation, and I found the same gaps in the existing open-source SBOM generation tools. So I decided to work on this, and that gave rise to “orion” - an SBOM generation tool for software dependencies not managed through package managers.

A discussion of these gaps and a description of this tool are available in The New Stack article here.

The project is available at tap8stry/orion.