In order to comply with the use of open source, when setting up the SBOM, care must be taken not only to list the components, but also to show how they are incorporated into your products (this is a multidimensional space consisting of hierarchy, linking, modification, export restrictions, security vulnerabilities, distribution type, versions, etc.), and how properties may propagate through the dependency tree. Keeping track of these complex relationships based on a text file or tables is extremely difficult. As part of a research project funded by the Federal Ministry for Economic Affairs and Climate Protection (BMWi) and with the Bonn-Rhein-Sieg University of Applied Sciences and Bitsea, a visualisation of the meta information was implemented that displays the relationships and potential risks quickly and in an easy-to-understand way.
