Hey,
I'm Mirco from Darmstadt, Germany. I'm married, have 2 daughters and a dog. I work as an IT architect and I've been in the tech business for the last 20 years. I've been doing frontend, backend, DBs and also embedded development.
I'm currently using Neo4j in a private project / little startup for software dependency analysis. Nowadays it's normal to use a lot of open source software and to have quite a few direct dependencies as well as many transitive dependencies.
I'm trying to solve questions like
- What licenses do my dependencies have?
- What CVEs are published for my dependencies?
- Why is that dependency even included in my artifact? What is the path to that package?
- What does my software supply chain look like?
- Can I create an SBOM for my artifacts, ideally integrated into my CI/CD pipelines?
I know there are already solutions out there trying to solve this problem but none of them are ideal, have everything I want or are simple to use.
Happy to join the community.
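As an added illustration of how the questions above map onto a graph (this is example Cypher written for this thread, not the poster's own model or code): it assumes a constructed schema of `Artifact` and `Package` nodes joined by `DEPENDS_ON`, with `LICENSED_UNDER` and `AFFECTED_BY` edges to `License` and `CVE` nodes, and uses a placeholder CVE id.

```cypher
// Constructed sample graph (assumed labels and relationship types):
//   (:Artifact)-[:DEPENDS_ON]->(:Package)-[:DEPENDS_ON]->(:Package)
//   (:Package)-[:LICENSED_UNDER]->(:License)
//   (:Package)-[:AFFECTED_BY]->(:CVE)
CREATE (app:Artifact {name: 'my-service', version: '1.0.0'})
CREATE (web:Package {name: 'web-framework', version: '4.2.0'})
CREATE (json:Package {name: 'json-parser', version: '2.1.3'})
CREATE (log:Package {name: 'logging-lib', version: '1.9.0'})
CREATE (mit:License {spdx: 'MIT'})
CREATE (gpl:License {spdx: 'GPL-3.0-only'})
// Placeholder identifier, not a real CVE
CREATE (cve:CVE {id: 'CVE-YYYY-NNNNN', severity: 'HIGH'})
CREATE (app)-[:DEPENDS_ON {scope: 'compile'}]->(web)
CREATE (web)-[:DEPENDS_ON]->(json)
CREATE (web)-[:DEPENDS_ON]->(log)
CREATE (web)-[:LICENSED_UNDER]->(mit)
CREATE (json)-[:LICENSED_UNDER]->(mit)
CREATE (log)-[:LICENSED_UNDER]->(gpl)
CREATE (log)-[:AFFECTED_BY]->(cve);

// 1. Which licenses does my artifact pull in, directly or transitively?
//    The variable-length DEPENDS_ON hop walks the whole transitive tree.
MATCH (a:Artifact {name: 'my-service'})-[:DEPENDS_ON*1..10]->(p:Package)
      -[:LICENSED_UNDER]->(l:License)
RETURN l.spdx AS license, collect(DISTINCT p.name) AS packages;

// 2. Which published CVEs affect anything in my dependency tree,
//    and which package carries them?
MATCH (a:Artifact {name: 'my-service'})-[:DEPENDS_ON*1..10]->(p:Package)
      -[:AFFECTED_BY]->(c:CVE)
RETURN p.name AS package, p.version AS version, c.id AS cve, c.severity AS severity;

// 3. Why is logging-lib in my artifact at all? Return every
//    dependency chain that introduces it, shortest first.
MATCH path = (a:Artifact {name: 'my-service'})-[:DEPENDS_ON*1..10]->(p:Package {name: 'logging-lib'})
RETURN [n IN nodes(path) | n.name] AS chain, length(path) AS depth
ORDER BY depth;
```

On the sample data, query 3 returns the chain `['my-service', 'web-framework', 'logging-lib']` at depth 2, which is the "why is this even included" answer the post asks for.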