-
`uv` is in a prime position to be able to emit an SBOM that reflects the state of the current `uv`-managed virtual environment, or ingest an SBOM to produce a managed virtual environment.
[SBOM](…
-
For this milestone we need to:
- [x] generate a SBOM for gosling
- [x] release gosling beta
- [ ] fix any immediate issues that come out of the beta release
-
### Feature Description
clomonitor requires that a valid SBOM be present in a repo to improve the repo score
**SOFTWARE BILL OF MATERIALS (SBOM)**
ID: sbom
List of components in a piece of software…
-
I'll preface this by saying I'm by no means an expert on this topic. But SBOM is becoming a hot topic these days in the software world and I'm curious what, if anything, that means for Orchard Core.
…
-
Owl Corp has been contacted by a certain three letter agency wishing to use Thallium within their department duties, particularly their public outreach campaigns.
To comply with Government regulation…
-
LMCO imposes restrictions on software that can run in sensitive environments. For this project, it's possible to get approval for non-allowlisted software components.
The first step is to create a s…
-
Thank you for Hatch--I love it! Here is an idea for improvement that has been on my mind:
It would be nice to include a command within Hatch to generate SPDX-compatible software bill-of-materials …
-
- https://www.cisa.gov/sbom
- https://en.wikipedia.org/wiki/Software_supply_chain
- https://www.ntia.gov/page/software-bill-materials
- https://www.iotsecurityfoundation.org/wp-content/uploads/2023…
-
In the guide version 1.0, we require PackageChecksum in order to comply with the "NTIA SBOM Minimum elements" for "Component Hash".
However, SPDX 2 provides two possibilities for this, PackageCheck…
-
**Is your feature request related to a problem? Please describe.**
Industry best standards for software security and software supply chain risk management security is to have a software bill of mater…