hatch icon indicating copy to clipboard operation
hatch copied to clipboard
verified publisher icon pypa

Software Bill of Materials (BOM)

Open drewhall opened this issue 1 year ago • 2 comments

Thank you for Hatch--I love it! Here is an idea for improvement that has been on my mind:

It would be nice to include a command within Hatch to generate SPDX-compatible software bill-of-materials files in JSON or XML format.

You could leverage tools such as those found at SPDX Tools to do most of the heavy lifting.

This would be a nice complement to the SPDX-compatible metadata comments that are automatically inserted into about.py and init.py files by default.

drewhall avatar May 05 '24 19:05 drewhall

Hey there! I would recommend creating a third-party build hook: https://hatch.pypa.io/latest/plugins/build-hook/reference/

ofek avatar May 05 '24 20:05 ofek

Thank you--I will try to do that!

drewhall avatar May 05 '24 20:05 drewhall