
SBOM Generation

Open ALRubinger opened this issue 1 year ago • 3 comments

A Software Bill of Materials (SBOM) provides a comprehensive inventory of all software components, dependencies, and libraries in a product, aiding in vulnerability management and compliance checks. An SBOM gives clear visibility into the software's makeup, allowing organizations to identify potential security risks quickly and verify the use of licensed components, ensuring adherence to open-source licenses and other compliance requirements.

Dependencies:

  • #82

ALRubinger avatar Dec 05 '23 07:12 ALRubinger

We'll start using FOSSA; it handles SBOM generation, verified working already in CycloneDX and SPDX formats.

ALRubinger avatar Dec 05 '23 07:12 ALRubinger

@leordev paused on this to work on metrics, still valid.

ALRubinger avatar May 17 '24 19:05 ALRubinger

Current status: this is now about attaching the SBOM to the release; also, the SBOM report is not available unless logged into FOSSA.

ALRubinger avatar May 17 '24 19:05 ALRubinger
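The thread settles on generating the SBOM in CycloneDX (or SPDX) format and attaching it to the release. As an added example (not the project's code and not FOSSA output), the script below shows what consuming such an artifact looks like: it loads a hand-constructed minimal CycloneDX JSON document, validates the top-level fields, inventories the components with their package URLs and declared licenses, flags components with no license, and computes the SHA-256 checksum that would be published next to the release asset so downstream users can verify the SBOM they download. The component names, versions and license ids in `SAMPLE_SBOM` are illustrative values, and the required-field list is an assumption based on the CycloneDX JSON shape rather than a full schema validation.

```python
"""Inventory a CycloneDX JSON SBOM and compute its release checksum.

Added example: not the project's own tooling and not FOSSA output.
SAMPLE_SBOM is constructed by hand to mimic a minimal CycloneDX 1.5
JSON document; all component names, versions and licenses are made up.
"""
import hashlib
import hmac
import json
from collections import Counter

# Constructed sample SBOM (assumption: minimal CycloneDX JSON layout).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {"component": {"type": "application",
                               "name": "example-app", "version": "1.2.0"}},
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "urllib3", "version": "2.0.7",
         "purl": "pkg:pypi/urllib3@2.0.7",
         "licenses": [{"license": {"id": "MIT"}}]},
        # Deliberately has no license block: the inventory should flag it.
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0"},
    ],
}, indent=2)

# Fields we insist on before trusting the document (assumption, not the
# full CycloneDX schema).
REQUIRED_TOP_LEVEL = ("bomFormat", "specVersion", "components")


def load_sbom(text):
    """Parse SBOM JSON and reject documents that are not CycloneDX."""
    doc = json.loads(text)
    missing = [k for k in REQUIRED_TOP_LEVEL if k not in doc]
    if missing:
        raise ValueError(f"SBOM missing required fields: {missing}")
    if doc["bomFormat"] != "CycloneDX":
        raise ValueError(f"unsupported bomFormat: {doc['bomFormat']!r}")
    return doc


def inventory(doc):
    """One row per component: purl, version and declared license ids.

    Components with no license entry get ["UNKNOWN"] so they stand out
    in a compliance review rather than silently disappearing.
    """
    rows = []
    for comp in doc["components"]:
        ids = []
        for entry in comp.get("licenses", []):
            lic = entry.get("license", {})
            ids.append(lic.get("id") or lic.get("name") or "UNKNOWN")
        rows.append({
            "purl": comp.get("purl") or f"{comp['name']}@{comp['version']}",
            "version": comp["version"],
            "licenses": ids or ["UNKNOWN"],
        })
    return rows


def unlicensed(doc):
    """Package URLs of components that declare no license at all."""
    return [r["purl"] for r in inventory(doc) if r["licenses"] == ["UNKNOWN"]]


def ecosystem_counts(doc):
    """Count components per purl type ("pkg:<type>/...")."""
    counts = Counter()
    for row in inventory(doc):
        if row["purl"].startswith("pkg:"):
            counts[row["purl"][4:].split("/", 1)[0]] += 1
    return counts


def release_checksum(text):
    """SHA-256 over the exact bytes that would be uploaded with the release."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def checksum_line(text, filename="sbom.cdx.json"):
    """A sha256sum-style line suitable for a SHA256SUMS release asset."""
    return f"{release_checksum(text)}  {filename}"


def verify_checksum(text, expected_hex):
    """Constant-time comparison of a downloaded SBOM against its published hash."""
    return hmac.compare_digest(release_checksum(text), expected_hex)


if __name__ == "__main__":
    sbom = load_sbom(SAMPLE_SBOM)
    for row in inventory(sbom):
        print(f"{row['purl']:40} {', '.join(row['licenses'])}")
    print("no license declared:", unlicensed(sbom))
    print("per ecosystem:", dict(ecosystem_counts(sbom)))
    print(checksum_line(SAMPLE_SBOM))
```

Publishing the `checksum_line` output as a `SHA256SUMS` asset alongside the SBOM lets consumers run `verify_checksum` (or `sha256sum -c`) before trusting the inventory, which also addresses the point above that the FOSSA report itself is only visible when logged in: the attached file becomes the artifact of record.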