Open asmith26 opened 4 months ago
Hey @asmith26, we sure are discussing this. It would be best for integration purposes if someone (most likely a company) comes to help us with this in the form of an integration partner, as these features are hard to build without proper third-party testing and validation.
If this is something you could help with please let us know!
That said, with conda-forge/pixi we do have the ability to do this very well as we know where and how things are build (conda-forge) and the lock-file describes the packages extremely detailed. So this is not an unsolvable problem. An SBOM is just an extra step in the generation process.
Problem description
Hi,
Just wondering if there any tools for pixi that work like
pip-audit
, or if there are plans to integrate such a tool directly into pixi?For reference (from https://pypi.org/project/pip-audit/):
Thanks!