[Tool Request]: dependency-management-data

[jamietanna]

Tool or Product name

dependency-management-data

Open Source or Proprietary

open source

Company or Organization name

No company

Organization or Company Logo Usage

• [ ] Already a member of SPDX
• [X] Permission to use logo as an SPDX supporter (required if not a member)

Public Contact Email or URL

https;//dmd.tanna.dev

Product or tool website

https;//dmd.tanna.dev

Description

Dependency Management Data (DMD) is a set of tooling to get a better understanding of the use of dependencies across your organisation.

The project consumes various formats (including SPDX SBOMs) and can then provide insight into use of deprecated, unmaintained or insecure packages, as well as providing a queryable interface (using SQL or GraphQL, so you can target changes across your projects and organisation more appropriately.

SBOM tool category

• [ ] Produce(Build)
• [X] Produce(Analyze)
• [ ] Produce(Edit)
• [x] Consume(View)
• [ ] Consume(Diff)
• [ ] Consume(Import)
• [ ] Transform(Translate)
• [ ] Transform(Merge)
• [ ] Transform(Tool Support)

SPDX Versions supported

• [ ] 2.0
• [ ] 2.1
• [X] 2.2
• [X] 2.3
• [ ] 3.0

SPDX verification

https://dmd.tanna.dev/cookbooks/getting-started-sbom/ + we use the official library

How to procure

Build from source:

go install dmd.tanna.dev/cmd/dmd@latest

Or use pre-built binaries:

https://gitlab.com/tanna.dev/dependency-management-data/-/releases/

Installation instructions

dmd db init --db /path/to/output.db
dmd import sbom --db /path/to/output.db ...

Link to quick start guide

https://dmd.tanna.dev/cookbooks/getting-started-sbom/

[podence]

Added to new page to be deployed.