SW360 lets organizations manage third-party and own software components throughout the entire life cycle. Using SW360 as a one-stop shop for component information, organizations can track the components used in a project or product to:
- assess security vulnerabilities;
- reliably maintain license information;
- enforce software-related policies; generate customized reports;
- manage BOMs of products/solutions/projects;
- are able to automatically generate project or product required license compliance artifacts (e.g. Readme file / disclosure documents).
It is built for easy integration with other tools and data sources, such as license scanners, code scanners, static code analysis or build infrastructure.
As an EPL-1.0 licensed Open Source project on Github (https://www.github.com/sw360), it is highly customizable, let organizations keep their confidential product development data on premises, and prevents them from becoming dependent on a single vendor.
Like any other OSS project SW360 can be used free of charge (no license fees have to be paid). Siemens Corporate Technology and Bosch Software Innovations are core contributors to the SW360 project.
4