In the previous post I talked about project Orion and how critical it is to embed it into our CI pipeline to ensure SBOM completeness of our application builds. It was truly exciting to see that the technical gap Orion is trying to address is explicitly called out in a research report by none other than Gartner.

On Feb. 14th 2022, Gartner published a report, Innovation Insight for SBOMs, which summarizes the requirements, challenges, risks and tools in the SBOM space. In this report, they specifically call out a technical gap and risk in existing SBOM generation tooling: it cannot discover software dependencies that were installed by means other than a package manager. This is precisely the problem that project Orion is solving.

SBOM generation tooling technical risk

This was a satisfying validation of my motivation when I started this project. The fact that the project is being recognised amongst the SBOM management tools is also gratifying.

List of open-source SBOM management tools