The Living Encyclopedia of Software Dependencies
Explore the interconnected species of the software dependency world. Each cell represents a living component in the SBOM ecosystem.
The flowering plants of software: npm, PyPI, crates.io -- each package a unique bloom in the digital garden.
React, Django, Rails: the ancient trees that form the canopy, providing shelter for the ecosystem beneath.
Node.js, JVM, Python: the underground root networks that nourish everything growing above.
Webpack, Cargo, Maven: the fruit-bearing branches that compile, bundle, and distribute nourishment.
OpenSSL, libsodium, ring: delicate cryptographic flowers whose pollination secures the entire garden.
Express, Spring, FastAPI: the scaffold trees whose architecture supports countless species of application.
Docker, Kubernetes: the mycelial networks connecting disparate organisms across the software forest floor.
Trivy, Grype, Snyk: the pollinators that inspect and verify the health of every organism in the ecosystem.
Lodash, Pandas, serde: the ferns that unfurl data into usable forms across the forest floor.
A panoramic view of the software dependency tree -- packages as flowers, dependencies as stems, vulnerabilities as thorns.
SPDX
An open standard for communicating software bill of materials information, including provenance, license, and security details.
CycloneDX
A lightweight SBOM specification designed for use in application security contexts and supply chain component analysis.
SWID
ISO/IEC 19770-2 standard providing a transparent framework for software lifecycle management and identification.