Discussion Generating 3rd Party Dependency Report

I have a specific request for a software bill of materials (SBOM) for my Unity application. I have tried some automatic scanning tools, but they don't seem to catch anything from the built in package manager.

Does anybody else have experience preparing a report like this for a Unity application? Are there any tools available for this kind of reporting?

Would love to hear any thoughts or ideas!

 

You could probably parse packages-lock.json to get most of the way there. Anything that you've directly imported into Assets/ won't get picked up by that, though, from what I can tell.