
Check out ORT vs syft for generating SBOM

Open linuxluigi opened this issue 1 year ago • 1 comments

Is your feature request related to a problem? Please describe.

No known problem.

Describe the solution you'd like

Currently this project auto-generates the SBOM with syft. After attending the SBOM Devroom at FOSDEM, I'm curious if ORT will be generating a better SBOM than syft. ORT claims that it will include not just software dependencies from the package manager, but also wrapped libs, like those from C++. Also, it has an Open Source Policy Checker included. If this works as promised, we could run ORT on each PR for open source licensing checks and generate the SBOM with it.

Describe alternatives you've considered

Keep using syft

Search

  • [X] I did search for other open and closed issues before opening this.

Code of Conduct

  • [X] I agree to follow this project's Code of Conduct

Additional context

No response

linuxluigi • Feb 06 '23 06:02