JBom can also do runtime SBOMs but isn't as fine-grained as Classport, because it looks at all POMs from the used JARs. I.e. JBom does JAR-level dependency marking at runtime but not class-file-level. See its `addAllLibraries`, `scan` and `parsePom` functions here.
This being said, it is a cool project with a lot of ideas for new features and internal structure, e.g.:
[ ] Automatically find PIDs of running processes and attach an agent to them which can use `getAllLoadedClasses`. This would mean we implement an `agentmain` in addition to the `premain` (feature)
[ ] Rethink the types and functions used. This is currently quite ugly (structure was not a priority due to the frequent structural changes), and we should really have types such as `sbom`, `dependency` etc. instead. (internal)
[ ] We should probably drop the real-time agent (as default, at least) and instead run everything on shutdown using a hook. This is cleaner, requires fewer dependencies, and won't slow down the main application (internal)
[ ] Use picocli (feature + internal)
[ ] Research the possibility of creating a DB inside the JAR with all the info, and just have the class file annotation be an index. This can both help with security (if it's a random index) and in minimising the size increase (internal)
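
A sketch of how the `agentmain` and shutdown-hook ideas above could fit together, as an added example that is not Classport's or JBom's code: the class name `LoadedClassReportAgent` and the output format are assumptions, and it groups loaded classes by their code source (JAR-level) rather than reading Classport's class file annotations.

```java
import java.lang.instrument.Instrumentation;
import java.security.CodeSource;
import java.util.Map;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.concurrent.atomic.AtomicBoolean;

// Hypothetical agent; the manifest needs Premain-Class and Agent-Class entries.
public final class LoadedClassReportAgent {
    private static final AtomicBoolean INSTALLED = new AtomicBoolean();

    // Static attach: java -javaagent:agent.jar -jar app.jar
    public static void premain(String args, Instrumentation inst) { install(inst); }

    // Dynamic attach to an already running JVM.
    public static void agentmain(String args, Instrumentation inst) { install(inst); }

    private static void install(Instrumentation inst) {
        // Guard against a second attach registering a second hook.
        if (!INSTALLED.compareAndSet(false, true)) return;
        // No transformer is registered: nothing runs while the app is live.
        Runtime.getRuntime().addShutdownHook(
            new Thread(() -> report(inst), "loaded-class-report"));
    }

    // Group class names by where they were loaded from.
    static Map<String, TreeSet<String>> group(Class<?>[] classes) {
        Map<String, TreeSet<String>> byOrigin = new TreeMap<>();
        for (Class<?> c : classes) {
            if (c.isArray() || c.isPrimitive()) continue;
            String origin = "(bootstrap or unknown)";
            try {
                CodeSource cs = c.getProtectionDomain().getCodeSource();
                if (cs != null && cs.getLocation() != null) {
                    origin = cs.getLocation().toString();
                }
            } catch (SecurityException e) {
                // Keep the default origin when the domain is not readable.
            }
            byOrigin.computeIfAbsent(origin, k -> new TreeSet<>()).add(c.getName());
        }
        return byOrigin;
    }

    private static void report(Instrumentation inst) {
        group(inst.getAllLoadedClasses()).forEach((origin, names) -> {
            System.err.println(origin + " (" + names.size() + " classes)");
            names.forEach(n -> System.err.println("  " + n));
        });
    }
}
```

Because the snapshot is taken at shutdown, a late dynamic attach still sees every class that remains loaded at that point, whereas classes unloaded earlier are not in the list.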