Adding a software bill of materials (SBOM)

[Rot127]

Is your feature request related to a problem? Please describe.

Adding a software bill of materials (SBOM) has several advantages:

• Possibly increases the attractiveness for corporate use cases of Rizin.
• Gives us a better understanding of our dependencies.
• Possibly allows for automated CVE detection of dependencies we use.
• Since software will be more regulated by legislation in the future, it might be better to start now with basic due diligence and supply chain security then later.

Describe the solution you'd like

Discuss which SBOM format should be used and write one.

Describe alternatives you've considered

• It could be wise to wait until the Cyber Resilience Act (summary and intro by Bert Hubert) has defined some standards how to do supply chain security and orient our-self on it.
• Not adding one, if it is too much effort.

Additional context

Also related with the issue of copied code:

• https://github.com/rizinorg/rizin/issues/2704
• https://github.com/rizinorg/rizin/issues/814

[XVilka]

There is a bunch of existing tools for that: https://github.com/awesomeSBOM/awesome-sbom