I’m happy to introduce a new application I’ve been working on for the past couple of weeks: It Depends. I’ve been working on it because at work I’d like to see, and search for that matter, the dependencies of the systems we build. We already configured a pipeline step to generate an SBOM using CycloneDX for .NET, so the next step is to view that SBOM.
This is where It Depends comes into the picture: it visualizes those CycloneDX SBOM reports. Because I like building applications and am a huge fan of open source software, it made sense to just start building an application and release it publicly for everyone to use, not just me.
As of right now, It Depends can read CycloneDX SBOM files and display them in a GUI (see the screenshot below).
The dependencies list you see on the right side consists of all the dependencies of a software system, including the transitive dependencies. A future update will add a better view of the direct and transitive dependencies, which gives you better insight into which packages you can actually update if necessary.
Eventually, It Depends should also be able to connect to package repositories such as Maven Central or NuGet. This allows It Depends to display a tag if a newer version is available.
There’s a limitation to It Depends, however: it will not continuously check for updated versions, only when you open an SBOM file. For continuous checking I recommend you use Dependency-Track.
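The direct versus transitive split described above can be derived from the `dependencies` graph of a CycloneDX JSON file. The following is an added example, not code from It Depends; the function name `classify_dependencies` and the sample BOM are constructed for illustration, and it assumes the BOM names its root in `metadata.component`.

```python
import json

# Constructed CycloneDX JSON BOM for illustration; names and versions are made up.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"component": {"bom-ref": "app", "name": "app", "version": "1.0.0"}},
  "components": [
    {"bom-ref": "a", "name": "lib-a", "version": "1.0.0"},
    {"bom-ref": "b", "name": "lib-b", "version": "2.1.0"},
    {"bom-ref": "c", "name": "lib-c", "version": "0.9.0"},
    {"bom-ref": "d", "name": "lib-d", "version": "4.0.0"}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["a", "b"]},
    {"ref": "a", "dependsOn": ["b"]},
    {"ref": "b", "dependsOn": ["c"]},
    {"ref": "c", "dependsOn": ["b"]}
  ]
}
""")


def classify_dependencies(bom):
    """Split a BOM's components into direct, transitive and unlinked."""
    root = bom.get("metadata", {}).get("component", {}).get("bom-ref")
    graph = {d["ref"]: d.get("dependsOn", []) for d in bom.get("dependencies", [])}
    if root is None or root not in graph:
        raise ValueError("no root component in the dependency graph")
    label = {c["bom-ref"]: f'{c["name"]}@{c.get("version", "?")}'
             for c in bom.get("components", []) if "bom-ref" in c}
    direct = set(graph[root])
    # Depth-first walk from the direct dependencies; `seen` guards against cycles.
    seen, stack = set(), list(direct)
    while stack:
        ref = stack.pop()
        if ref not in seen:
            seen.add(ref)
            stack.extend(graph.get(ref, []))
    seen.discard(root)

    def names(refs):
        return sorted(label.get(r, r) for r in refs)

    return {
        "direct": names(direct),
        "transitive": names(seen - direct),
        # Listed in components but never reached from the root.
        "unlinked": names(set(label) - seen),
    }


if __name__ == "__main__":
    print(json.dumps(classify_dependencies(SAMPLE_BOM), indent=2))
```

A non-empty `unlinked` list means the generator recorded components without graph edges, so the direct and transitive view for that BOM is incomplete.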