Open TheMosquito opened 2 years ago
@bencourliss and @dabooz is this large enough to be treated as a Feature, or should it be kept as an issue?
@bencourliss Does this have any dependencies on migrating any automation, or can/should it be done with existing automation?
Following from US gov't "EO 14028" (Google that string for more info) all US gov't software procurement will require SBOM information. Other industries will likely follow. It should bee pretty straightforward to generate this SBOM information during release builds using tools like Syft (https://github.com/anchore/syft).