Abstract: Modern software development relies heavily on third-party components, creating transparency deficits in software supply chains. A Software Bill of Materials (SBOM) addresses this challenge by documenting component inventories. However, existing generation tools provide rigid outputs that cannot accommodate the diverse requirements of organizational stakeholders. This thesis develops a configurable SBOM export system that enables template-driven generation across multiple formats with embedded legal notices. The objective was to create a system that addresses the configuration gap in existing SBOM tools by providing accessible template management for organizational governance while maintaining technical flexibility for specialized use cases. The implementation employs a modular architecture for multi-format support (SPDX v2.3/v3.0.1, CycloneDX v1.5/v1.6), template management, and user interfaces. The system integrates within the SCA Tool infrastructure while introducing new capabilities such as customizable dependency filtering, vulnerability data inclusion, and license text integration. By doing so, this work extends SCA Tool with a practical and flexible export solution that enhances software supply chain transparency and compliance readiness.
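To make the template-driven export concrete, the following added example (written for this page, not code from the thesis or from SCA Tool) applies two export templates to a constructed component inventory: one filters to required dependencies and embeds license texts for a legal notice, the other keeps all scopes and attaches vulnerability findings. The inventory, license texts, finding id and template names are all constructed assumptions; the output follows the CycloneDX 1.6 JSON field names.

```python
"""Template-driven SBOM export: filtered CycloneDX 1.6 output with embedded
license texts. Constructed example; not the thesis's SCA Tool implementation."""
import json

# Constructed inventory, shaped like what a dependency scanner might hand over.
INVENTORY = [
    {"name": "libfoo", "version": "1.2.0", "license": "MIT",
     "scope": "required", "purl": "pkg:pypi/libfoo@1.2.0"},
    {"name": "testkit", "version": "0.9.1", "license": "Apache-2.0",
     "scope": "optional", "purl": "pkg:pypi/testkit@0.9.1"},
]
LICENSE_TEXTS = {"MIT": "MIT License text (placeholder)",
                 "Apache-2.0": "Apache License 2.0 text (placeholder)"}
# Constructed finding; the id is a placeholder, not a real advisory.
FINDINGS = [{"id": "EXAMPLE-VULN-0001", "purl": "pkg:pypi/libfoo@1.2.0"}]

# Two export templates: a lean one for legal review, a full one for security.
TEMPLATES = {
    "legal-notice": {"scopes": {"required"}, "embed_license_text": True,
                     "vulnerabilities": False},
    "security-full": {"scopes": {"required", "optional"},
                      "embed_license_text": False, "vulnerabilities": True},
}


def render_cyclonedx(inventory, template):
    """Apply one template to the inventory and return a CycloneDX 1.6 dict."""
    components, included = [], set()
    for c in inventory:
        if c["scope"] not in template["scopes"]:
            continue  # dependency filtering driven by the template
        lic = {"id": c["license"]}
        if template["embed_license_text"]:  # full text for the legal notice
            lic["text"] = {"contentType": "text/plain",
                           "content": LICENSE_TEXTS[c["license"]]}
        included.add(c["purl"])
        components.append({"type": "library", "bom-ref": c["purl"],
                           "name": c["name"], "version": c["version"],
                           "purl": c["purl"], "scope": c["scope"],
                           "licenses": [{"license": lic}]})
    bom = {"bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1,
           "components": components}
    if template["vulnerabilities"]:  # only findings for components kept
        bom["vulnerabilities"] = [{"id": f["id"], "affects": [{"ref": f["purl"]}]}
                                  for f in FINDINGS if f["purl"] in included]
    return bom


def export(template_name):
    """Serialize the chosen template's SBOM as JSON."""
    return json.dumps(render_cyclonedx(INVENTORY, TEMPLATES[template_name]), indent=2)
```

Adding an SPDX renderer beside `render_cyclonedx` that reads the same template dict is the natural next step toward multi-format support.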
Keywords: SCA Tool, Software Bill of Materials (SBOM), SPDX, CycloneDX, License Compliance, Legal Notices
PDF: Bachelor Thesis
Reference: Robin Neubauer. Configurable SBOM and Legal Notice Exports for SCA Tool. Bachelor Thesis. Friedrich-Alexander-Universität Erlangen-Nürnberg: 2025.