Open ncoghlan opened 2 weeks ago
See https://github.com/sethmlarson/sboms-for-python-packages for general notes on SBOMs in the Python ecosystem (and the limitations thereof).
However, even without that more detailed SBOM metadata that reports external dependencies, it should be feasible to produce at least high level SBOMs that cover the locked Python components included in each environment layer.
See https://github.com/sethmlarson/sboms-for-python-packages for general notes on SBOMs in the Python ecosystem (and the limitations thereof).
However, even without that more detailed SBOM metadata that reports external dependencies, it should be feasible to produce at least high level SBOMs that cover the locked Python components included in each environment layer.