Collaboration with our LibTracker Tool

[windmillcode0]

Greetings it seems that your tool dependency track and the various npm packages you have for generating SBOM for projects and packages seems to be in align with our project LibTracker. I would like for you to review our project and what we are doing and see if we have mutual interests.

You can read more about it here
https://dev.to/windmillcode

You can access our extension here
https://marketplace.visualstudio.com/items?itemName=windmillcode-publisher-0.lib-tracker

Looking forward to collaboration

[prabhu]

As an open-source project under the OWASP Foundation, you can absolutely feel free to wrap and integrate our projects without any doubts or hesitation. Please respect the conditions of the Apache-2.0 license.

We can try and help on a best-effort basis, but no promises.

[windmillcode0]

Did you happen to by any chance review the product and try to see if there could be potential subsidizing interests. I am open to renaming the product to dependecyTrack for vscode to help increase your customer base?

[prabhu]

There is an existing project called "Dependency Track" under OWASP. We are a separate team called cdxgen.

[windmillcode0]

However it seems your contact is also the contact for dependency track can you provide us their contact information?

[windmillcode0]

If you have looked at our application would your cdxgen codde be able to generate the same amount of information as CycloneDX. I suppose we have to do in-depth analysis to see if your js library can generate all the data points we require. Therefore lessing the development time to 1 month potentially