I need to create a monthly report that includes an SBOM file for a Qt C++ project (which still uses QMake). The issues with C++ are:
- It does not include versions for each included package
- I tried the tool called CycloneDX, but it still does not offer any data from QMake (.pro files), and there is no documentation for included package versions
I need suggestions on how to improve my automation report: what tool can make the SBOM report for Qt C++ project dependencies?
Can you suggest a better tool for this job, and for automation?
Thanks, Arthur.
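One way to get at least a first-pass component list with versions out of a qmake project is to read the `.pro` file yourself and ask the build host for the versions. The script below is an added example (not Arthur's code and not part of CycloneDX or Qt): it parses the `QT`, `PKGCONFIG` and `LIBS` variables from a constructed sample `.pro`, resolves versions with `pkg-config --modversion` and `qmake -query QT_VERSION` when those tools are present, and writes a minimal CycloneDX-style JSON document. Anything it cannot resolve is marked `UNKNOWN` and listed separately, so a monthly report can show exactly which dependencies still lack version data. The mapping from a `-l<name>` flag to a pkg-config module of the same name is a heuristic and is labelled as such in the code.

```python
import json
import re
import shutil
import subprocess
from typing import Callable, Dict, List, Optional

# Constructed sample .pro content (not the poster's project). It uses the qmake
# variables that usually carry third-party dependency information.
SAMPLE_PRO = """
QT += core network
CONFIG += link_pkgconfig
PKGCONFIG += libxml-2.0 \\
             zlib
LIBS += -L/opt/vendor/lib -lssl -lcrypto
LIBS += -lsqlite3   # trailing comment, must be ignored
"""


def parse_pro(text: str) -> Dict[str, List[str]]:
    """Collect the space-separated values of every 'VAR += ...' / 'VAR = ...' line."""
    # Join backslash line continuations so a multi-line assignment is one statement.
    joined = re.sub(r"\\\s*\n", " ", text)
    result: Dict[str, List[str]] = {}
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip qmake comments
        m = re.match(r"^([A-Za-z_][A-Za-z0-9_.]*)\s*\+?=\s*(.*)$", line)
        if m:
            result.setdefault(m.group(1), []).extend(m.group(2).split())
    return result


def pkgconfig_version(module: str) -> Optional[str]:
    """Version of a pkg-config module on the build host, or None if unavailable."""
    if shutil.which("pkg-config") is None:
        return None
    proc = subprocess.run(["pkg-config", "--modversion", module],
                          capture_output=True, text=True)
    return proc.stdout.strip() if proc.returncode == 0 else None


def qmake_qt_version() -> Optional[str]:
    """Qt version reported by the qmake on PATH, or None if qmake is absent."""
    if shutil.which("qmake") is None:
        return None
    proc = subprocess.run(["qmake", "-query", "QT_VERSION"],
                          capture_output=True, text=True)
    return proc.stdout.strip() if proc.returncode == 0 else None


def build_sbom(pro_text: str,
               pkg_version: Callable[[str], Optional[str]] = pkgconfig_version,
               qt_version: Callable[[], Optional[str]] = qmake_qt_version) -> dict:
    """Build a minimal CycloneDX-style document from one .pro file's variables."""
    v = parse_pro(pro_text)
    comps: List[Dict[str, str]] = []
    qtver = qt_version() or "UNKNOWN"
    for mod in v.get("QT", []):
        comps.append({"type": "library", "name": f"Qt::{mod}", "version": qtver})
    for pkg in v.get("PKGCONFIG", []):
        comps.append({"type": "library", "name": pkg,
                      "version": pkg_version(pkg) or "UNKNOWN"})
    for flag in v.get("LIBS", []):
        if flag.startswith("-l"):
            lib = flag[2:]
            # Heuristic: many libraries ship a .pc file named like the link name
            # (zlib, sqlite3). When they do not (ssl, crypto), the version stays UNKNOWN.
            comps.append({"type": "library", "name": lib,
                          "version": pkg_version(lib) or "UNKNOWN"})
    return {"bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
            "components": comps}


def missing_versions(sbom: dict) -> List[str]:
    """Names of components whose version could not be resolved; report these."""
    return [c["name"] for c in sbom["components"] if c["version"] == "UNKNOWN"]


if __name__ == "__main__":
    bom = build_sbom(SAMPLE_PRO)
    print(json.dumps(bom, indent=2))
    print("unresolved:", missing_versions(bom))
```

Running it on a real project means feeding it every `.pro` and `.pri` file in the tree; the version resolvers can be swapped for ones that read a package manifest (vcpkg, Conan) if the project uses one instead of system libraries.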
I've also encountered challenges in creating SBOMs for a C/C++ based product recently. While tools like Labrador Labs (labradorlabs.ai) offer code scanning capabilities to build SBOMs, I've found greater success with binary analysis tools, specifically Netrise (netrise.io). My work primarily involves embedded systems, which often require custom scripts to package various binary artifacts (e.g., shared libraries, filesystems, containers). In such cases, binary analysis provides a more accurate method for scanning. One complex issue is ensuring all packages that enter the firmware image are accurately enumerated, and avoiding the inclusion of packages that, although initially considered, do not end up in the final image.