Sid D 4 Posted June 26, 2023 Is there any tool available to create a SBOM for a Delphi Application or DLL? Thanks Sid 2 Share this post Link to post
Lars Fosdal 1792 Posted June 27, 2023 I would have said that this is a manual task, as components or libaries might not be easily identifiable. In theory, you could write something that scanned the source files and picked out copyright messages, but the list would probably be ripe with duplicates, and have many missing entries. On the other hand - if the scanning could be done out-of-project and connect units to a vendor once and for all and allow for manual tidying, then it would basically be about scanning the map file post build, and create and link a resource text (or JSON or XML) with the SBOM info. Sounds like a development opportunity for a creative person with time to spare. Share this post Link to post
VLDG 1 Posted August 31, 2023 On 6/26/2023 at 11:49 PM, Sid D said: Is there any tool available to create a SBOM for a Delphi Application or DLL? Thanks Sid we are also looking for this. Any news ? Share this post Link to post
dummzeuch 1505 Posted September 1, 2023 (edited) I've got a tab on our About dialog that lists all open source libraries used in the project based on checking whether a specific unit is linked to the executable. The idea there is to automatically provide credits to these, but it could be extended to also include commercial libraries as well. Just find a unit name in these libraries that is always llinked in when the library is used. It looks like this: That's not quite an SBOM, but it is a good start, I think. Of course this only makes is easier to get such a list if you have more than a few programs, otherwise doing it manually would not be such a chore either. Here is the Stack Overflow question that got me started on how to do that: https://stackoverflow.com/q/12104914/49925 Edited September 1, 2023 by dummzeuch 1 Share this post Link to post
David Heffernan 2345 Posted September 1, 2023 There are commercial tools to support this. I sure websearch will find them. As soon as you link to anything that isn't delphi then the desire for a tool for Delphi is a bit pointless. Share this post Link to post
Sid D 4 Posted October 12, 2023 On 8/31/2023 at 1:29 PM, VLDG said: we are also looking for this. Any news ? No, haven't been actively looking lately. Had to create it manually. Share this post Link to post
Sid D 4 Posted October 12, 2023 On 9/1/2023 at 7:10 AM, David Heffernan said: There are commercial tools to support this. I sure websearch will find them. As soon as you link to anything that isn't delphi then the desire for a tool for Delphi is a bit pointless. Couldn't find one for Delphi. 1 Share this post Link to post