TrustSource Open Source Risk Management and Compliance
The platform knows all license and vulnerability information of open source components, derives the obligations that apply to your specific case, and helps to organize all required materials (e.g. bill of materials, notice files, etc.). Beyond that, it also supports the creation and publication of the corresponding materials.
Compliance or project managers may view all dependencies, security analysts may assess vulnerabilities, and compliance managers may manage legal obligations without needing access to the code, while developers may supply the platform from within their IDE. Find more information at https://www.trustsource.io/features
Additional dependency graphs as well as a multitude of reports, lists and filters help to manage the complexity of even larger projects smoothly.
The plugin itself is open source (see GitHub); the platform has a free usage tier (API key required).