SPDX (solely for uniformity and interoperability across supply chain risk management solutions) should be an output format of BAM. There may be better tooling around the binary analysis of all compiled binaries independent of the operating system, and language-specific indicators (encoded sequences found in previous malware of like-kind encoding, etc.
Feel free to point me to repos that may better suit the feature request above.
SPDX (solely for uniformity and interoperability across supply chain risk management solutions) should be an output format of BAM. There may be better tooling around the binary analysis of all compiled binaries independent of the operating system, and language-specific indicators (encoded sequences found in previous malware of like-kind encoding, etc.
Feel free to point me to repos that may better suit the feature request above.