Closed SebastianSchuetze closed 8 months ago
👋 I have added a sample using the microsoft/sbom-tool with Azure Pipelines via #18
Thanks. Does that mean this sbom tool will be used under the hoods @felickz ?
Thanks. Does that mean this sbom tool will be used under the hoods @felickz ?
Slightly inverted - the SBOM tool uses the same microsoft/component-detection framework to detect dependencies. This is the same core engine used for GHAzDO Dependency Scanning.
Very cool and thanks! I will close this!
An example or POC of how to create an SBOM file in a similar how it would be planned in GitHub Advanced Security for Azure DevOps. So we could go for a way that we can use now but is easy to change for the nativ approach.