It-Depends has fundamental new capabilities for creating SBOMs. It resolves:
- Native dependencies with dynamic analysis
- All _possible_ dependency resolutions (not just 1)
- C/C++ dependencies with automake and cmake
- Go, JS, Rust, Python, C/C++ deps
Quote
What does your code use, and is it vulnerable? It-depends! Our new tool, It-Depends, can automatically build a dependency graph and software bill of materials (SBOM) for arbitrary code, even C and C++, and alert you to any upstream vulnerabilities. blog.trailofbits.com/2021/12/16/it-