
Static SBOM

Open Roger-CISA opened this issue 2 years ago • 3 comments

Overview

This effort aims to provide a pre-generated, version-specific Software Bill of Materials (SBOM) that details the software components, dependencies, and licenses included in each official LME release. This static SBOM will be updated with each LME release and will be made available directly in the LME GitHub repo in [insert URL].

Future releases will introduce an improvement to this feature that allows users to generate deployment-specific SBOMs in real time. This approach will reflect each user's unique configuration and installed components.

Roger-CISA, Dec 08 '23 15:12

Add remarks about GitHub native SBOM and your use of the SPDX standard for output in the final product.

dcernoch, Dec 15 '23 15:12

Adding @rishagg01 as a watcher.

safiuddinr, May 13 '24 17:05