What solutions - free and commercial - are available to create reports about the components used in a software project (physically, a set of source code repositories), with intelligence on features like the security situation and license model of the open source components used?
One prominent example is - or was - Nexus Enterprise, but are there other solutions?
An open source monitor that comes to my mind is the Census project for security monitoring: https://github.com/linuxfoundation/cii-census
Note: my impression of Nexus Enterprise is about 2 years old; since then the product name and scope have changed afaik, and there are also competitors like Seerene.