The complexities of identifying and tracking open-source software (OSS) to comply with license requirements add friction to the development process and can result in product-release delays. At VMware, we solve this problem using Bazel to create an accurate bill of materials containing OSS and third-party packages during a build.
Aspect to handle implicit dependencies by traversing the output file's generating rules.
Fixes #4
Testing done: Tested with bazel-buildfarm code change locally; diff below. The generated bom now contains 145 packages.