SBOM services section

Open segaura opened this issue 3 years ago • 2 comments

The README states "This approach can also include details of services invoked", but looking at the code I found no reference to any service discovery procedure or SBOM services section creation. Is this still to be implemented? How does/should it work? (e.g. how and when jbom is supposed to grasp a second-party endpoint)

segaura, Sep 19 '22 07:09

Yes - this is still to be implemented. Would love your help. We would add some instrumentation around service invocation, such as database calls, API calls, etc. You can see the technique in the "Java Observability Toolkit" (jot). Using this data, we can directly add service information to the SBOM.

planetlevel, Sep 19 '22 17:09
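
An added sketch of the step described in the comment above, not code from jbom or jot: it turns targets that instrumentation might observe (JDBC URLs, HTTP endpoints) into a CycloneDX-style `services` array, dropping credentials and query strings before anything reaches the SBOM. The class and method names are hypothetical, the CycloneDX JSON layout is an assumption about the output format, and the sample targets are constructed.

```java
import java.net.*;
import java.util.*;

public class ServiceSectionSketch {
    // Reduce an observed target to scheme://host[:port]/path; null if it is not URI-shaped.
    static String sanitize(String observed) {
        // A JDBC URL is "jdbc:" followed by a driver-specific, often URI-shaped, remainder.
        String s = observed.startsWith("jdbc:") ? observed.substring(5) : observed;
        try {
            URI u = new URI(s);
            if (u.getScheme() == null || u.getHost() == null) return null;
            String port = u.getPort() == -1 ? "" : ":" + u.getPort();
            // userinfo, query and fragment are dropped: they can carry passwords, tokens, API keys
            return u.getScheme() + "://" + u.getHost() + port + u.getRawPath();
        } catch (URISyntaxException e) {
            return null;
        }
    }

    // Group sanitized endpoints by host[:port] and render them as a "services" array.
    static String servicesJson(List<String> observed) {
        Map<String, Set<String>> byAuthority = new TreeMap<>();
        for (String t : observed) {
            String e = sanitize(t);
            if (e == null) continue; // unparseable target: skipped rather than copied raw
            byAuthority.computeIfAbsent(URI.create(e).getAuthority(), k -> new TreeSet<>()).add(e);
        }
        StringJoiner services = new StringJoiner(",", "[", "]");
        for (Map.Entry<String, Set<String>> svc : byAuthority.entrySet()) {
            StringJoiner eps = new StringJoiner(",", "[", "]");
            for (String e : svc.getValue()) eps.add(quote(e));
            services.add("{\"bom-ref\":" + quote("service:" + svc.getKey())
                    + ",\"name\":" + quote(svc.getKey()) + ",\"endpoints\":" + eps + "}");
        }
        return services.toString();
    }

    static String quote(String s) {
        return "\"" + s.replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
    }

    public static void main(String[] args) {
        List<String> observed = List.of( // constructed sample targets
            "jdbc:postgresql://app:s3cret@db.internal.example:5432/orders?sslmode=require",
            "https://api.payments.example/v1/charges?api_key=CONSTRUCTED",
            "https://api.payments.example/v1/refunds",
            "jdbc:oracle:thin:@db2.internal.example:1521:ORCL"); // not URI-shaped, skipped
        System.out.println("\"services\": " + servicesJson(observed));
    }
}
```

Driver-specific JDBC forms that do not parse as a URI are left out here rather than copied verbatim, since their raw text can embed credentials; a real implementation would need per-driver parsing to record them safely.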

Thank you for the clarification. jot has a promising approach; I have put it on my list of things to take a better look at.

segaura, Sep 20 '22 08:09