Just read about the new Software Composition capability from Mendix, and I think it’s a big step forward for anyone managing multiple Mendix apps or dealing with security reviews!

If your application landscape is getting more complex and you’re fielding questions from security teams about open-source components, this update is for you. Mendix now automatically generates a Software Bill of Materials (SBOM) for each deployment package (with supported Studio Pro versions), giving you a clear, easy-to-read inventory of all third-party modules, widgets, Java libraries, and npm packages in your apps. No more parsing through confusing files—everything is visible right in the Control Center or Mendix Portal, both at the application and landscape level.

What I really appreciate is how this makes it so much easier to spot outdated or vulnerable dependencies and to show stakeholders exactly what’s running in your environment. You can even export the list or drill down to see where each component is used.

If you’re serious about keeping your apps secure and compliant, I highly recommend checking out the full announcement: https://www.mendix.com/blog/software-composition-why-what-and-how/

Let’s keep building safer, smarter apps together! 🚀