https://OpenChain-Project.github.io/OpenChain-KWG/en/tags/automation/Recent content in Automation on OpenChain KWGHugoenhttps://OpenChain-Project.github.io/OpenChain-KWG/en/guide/tools/8-cdxgen-dt/Mon, 01 Jan 0001 00:00:00 +0000https://OpenChain-Project.github.io/OpenChain-KWG/en/guide/tools/8-cdxgen-dt/<p>For companies just starting with open source management, we recommend the <strong>cdxgen + Dependency-Track</strong> combination as a toolset that can establish a basic automation environment within a single day.</p> <p>This guide walks you through every step, from installation and configuration to setting up a license and vulnerability inspection environment and running day-to-day operations.</p> <h2 id="why-cdxgen--dependency-track">Why cdxgen + Dependency-Track</h2> <p>Open source management comes down to two essentials.</p> <ol> <li><strong>Know what is inside</strong> — generating an SBOM (Software Bill of Materials)</li> <li><strong>Continuously monitor risk</strong> — detecting vulnerabilities (CVEs) and license policy violations</li> </ol> <p>cdxgen handles the first, and Dependency-Track handles the second. Both tools are <strong>free open source</strong> under the Apache-2.0 license.</p>