microsoft / GHAzDO-Resources

Resources, Scripts, etc. for GitHub Advanced Security on Azure DevOps
MIT License

Example for getting an SBOM file #17

Closed SebastianSchuetze closed 8 months ago

SebastianSchuetze commented 10 months ago

An example or POC of how to create an SBOM file in a similar way to how it would be planned in GitHub Advanced Security for Azure DevOps. So we could go for a way that we can use now but is easy to change for the native approach.

felickz commented 9 months ago

👋 I have added a sample using the microsoft/sbom-tool with Azure Pipelines via #18

SebastianSchuetze commented 9 months ago

Thanks. Does that mean this sbom tool will be used under the hood, @felickz?

felickz commented 8 months ago

> Thanks. Does that mean this sbom tool will be used under the hood, @felickz?

Slightly inverted - the SBOM tool uses the same microsoft/component-detection framework to detect dependencies. This is the same core engine used for GHAzDO Dependency Scanning.

SebastianSchuetze commented 8 months ago

Very cool and thanks! I will close this!