eiffel-community / eiffel

The Eiffel framework vocabulary, descriptions, guides and schemas along with links to relevant implementation repositories.
Apache License 2.0

Describe how to create/reference SBOM #360

Open m-linner-ericsson opened 1 year ago

m-linner-ericsson commented 1 year ago

Description

CISA describes SBOMs as:

A “software bill of materials” (SBOM) has emerged as a key building block in software security and software supply chain risk management. A SBOM is a nested inventory, a list of ingredients that make up software components. [1]

Motivation

With SBOM emerging as a key building block in supply chain risk management, Eiffel should describe how to create/reference them.

Exemplification

We would have a guide/how-to on how to create/reference SBOMs

Benefits

A description on how to create/reference SBOMs would make the Eiffel documentation more complete.

Possible Drawbacks

None that I can think of

[1] https://www.cisa.gov/sbom