Hey, this is Mirco from Darmstadt, Germany

Hey,

I'm Mirco from Darmstadt, Germany. I'm married, have 2 daughters and a dog. I work as an IT architect and I've been in the tech business for the last 20 years. I've been doing frontend, backend, DBs and also embedded development.

I'm currently using Neo4j in a private project / little startup for software dependency analysis. Nowadays it's normal to use a lot of open source software and to have quite a few direct dependencies as well as many transitive dependencies.

I'm trying to solve questions like

  • What licenses do my dependencies have?
  • What CVEs are published for my dependencies?
  • Why is that dependency even included in my artifact? What is the path to that package?
  • What does my software supply chain look like?
  • Can I create an SBOM for my artifacts, ideally integrated into my CI/CD pipelines?

I know there are already solutions out there trying to solve this problem but none of them are ideal, have everything I want or are simple to use.

Happy to join the community.


Hi @mirco.zeiss and welcome to the Neo4j community!

Software dependency analysis is both timeless and very active, which probably means there is an opportunity for the right solution. We'll be happy to help with applying Neo4j and cheer you on as you make progress.

Best,
ABK