The Software Bill of Materials (SBOM) is now essential for program security, and IBM is helping by donating two open source projects, SBOM Utility and License Scanner, to the Open Web Application Security Project (https://owasp.org/).
The SBOM Utility is an API platform designed to validate CycloneDX or SPDX (https://spdx.dev/) format SBOMs against their published schemas.
SBOM Utility and License Scanner
License Scanner is designed to be integrated into existing SBOM software or continuous integration and delivery tools (https://practical-tech.com/2018/07/10/continuous-integration-and-delivery-tool-basics/), or used by itself as a command-line utility.