TBD54566975 / open-source-programs

Issue tracking and milestone scheduling for TBD's Open Source Programs.
Apache License 2.0

SBOM Generation #88

Open ALRubinger opened 10 months ago

ALRubinger commented 10 months ago

A Software Bill of Materials (SBOM) provides a comprehensive inventory of all software components, dependencies, and libraries in a product, aiding in vulnerability management and compliance checks. An SBOM gives clear visibility into the software's makeup, allowing organizations to identify potential security risks quickly and verify the use of licensed components, ensuring adherence to open-source licenses and other compliance requirements.

Dependencies:
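To make the two uses named in the description concrete (vulnerability management and license compliance), here is an added example, not code from this repository or from FOSSA: a small Python audit that reads a CycloneDX JSON SBOM, flags components whose licenses are outside an allow-list or missing, and matches component purls against an advisory list. The SBOM document, the allow-list and the advisory identifiers below are all constructed for illustration (the advisory IDs are placeholders, not real CVEs).

```python
import json
from typing import Dict, List, Tuple

# Constructed SBOM in CycloneDX JSON layout; not any real project's inventory.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "example-crypto", "version": "0.9.1",
         "purl": "pkg:npm/example-crypto@0.9.1",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        # Deliberately has no "licenses" entry so the audit must report it.
        {"type": "library", "name": "unlicensed-widget", "version": "2.0.0",
         "purl": "pkg:npm/unlicensed-widget@2.0.0"},
    ],
})

# Constructed policy: SPDX license identifiers this (hypothetical) program accepts.
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}

# Constructed advisory feed keyed by purl; the IDs are placeholders, not real CVEs.
KNOWN_VULNERABLE: Dict[str, str] = {
    "pkg:npm/example-crypto@0.9.1": "EXAMPLE-ADVISORY-0001",
}


def load_components(sbom_json: str) -> List[dict]:
    """Parse a CycloneDX JSON document and return its component list."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return doc.get("components", [])


def component_licenses(component: dict) -> List[str]:
    """Collect license identifiers from a component's 'licenses' array.

    CycloneDX allows either {"license": {"id"|"name": ...}} or {"expression": ...};
    an SPDX expression is returned as-is so the policy check can flag it for review.
    """
    ids: List[str] = []
    for entry in component.get("licenses", []):
        if "expression" in entry:
            ids.append(entry["expression"])
            continue
        lic = entry.get("license", {})
        ident = lic.get("id") or lic.get("name")
        if ident:
            ids.append(ident)
    return ids


def license_findings(components: List[dict], allowed: set) -> List[Tuple[str, str]]:
    """Return (purl, reason) for components that fail the license policy."""
    findings = []
    for comp in components:
        purl = comp.get("purl", f"{comp.get('name')}@{comp.get('version')}")
        ids = component_licenses(comp)
        if not ids:
            findings.append((purl, "no license declared"))
            continue
        disallowed = [i for i in ids if i not in allowed]
        if disallowed:
            findings.append((purl, "license not allowed: " + ", ".join(disallowed)))
    return findings


def vulnerability_findings(components: List[dict],
                           advisories: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (purl, advisory_id) for components with a known advisory."""
    return [(c["purl"], advisories[c["purl"]])
            for c in components if c.get("purl") in advisories]


def audit(sbom_json: str) -> Dict[str, List[Tuple[str, str]]]:
    """Run both checks over an SBOM and return the findings grouped by kind."""
    components = load_components(sbom_json)
    return {
        "license": license_findings(components, ALLOWED_LICENSES),
        "vulnerable": vulnerability_findings(components, KNOWN_VULNERABLE),
    }


if __name__ == "__main__":
    for kind, items in audit(SAMPLE_SBOM).items():
        for purl, detail in items:
            print(f"[{kind}] {purl}: {detail}")
```

In a release pipeline the same `audit()` would run over the SBOM that FOSSA (or any generator) emits for the build, with a non-empty `vulnerable` list failing the job and `license` findings routed to whoever owns license review; the advisory map would come from a real feed rather than the constructed dictionary above.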

ALRubinger commented 10 months ago

We'll start using FOSSA; it handles SBOM generation, verified working already in CycloneDX and SPDX formats.

ALRubinger commented 4 months ago

@leordev paused on this to work on metrics, still valid.

ALRubinger commented 4 months ago

Current status: this is now about attaching the SBOM to the release; also, the SBOM report is not available unless logged into FOSSA.