<div dir="ltr">Bernhard<div><br></div><div>This is good to hear. I can see that you have some Perl modules generating SBOMs (that is pretty unique from what I see in the SBOM creation world!) but where are the generated SBOMs stored as I can't find them in the github repo?</div><div><br></div><div>Regards</div><div><br></div><div>Anthony</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 3 Mar 2023 at 10:26, Bernhard M. Wiedemann via rb-general <<a href="mailto:rb-general@lists.reproducible-builds.org">rb-general@lists.reproducible-builds.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
<br>
On 25/02/2023 16.56, Anthony Harrison wrote:<br>
> More tools are in the pipeline, including one to generate an SBOM from <br>
> an installed platform distribution or package (currently works for <br>
> Debian systems, work in progress for RPM based systems) and an audit <br>
> tool. I hope to publish these in the next couple of weeks.<br>
<br>
I want to mention that we can already generate [1] and publish [2] SBOMs <br>
in our Open-Build-Service to meet SLSA level4 requirements.<br>
<br>
<br>
[1] <a href="https://github.com/openSUSE/obs-build/search?q=SBOM" rel="noreferrer" target="_blank">https://github.com/openSUSE/obs-build/search?q=SBOM</a><br>
[2] <br>
<a href="https://github.com/openSUSE/open-build-service/blob/1e051bb20fb385695399c79dd8c9920d5fa18273/src/backend/bs_regpush#L717" rel="noreferrer" target="_blank">https://github.com/openSUSE/open-build-service/blob/1e051bb20fb385695399c79dd8c9920d5fa18273/src/backend/bs_regpush#L717</a><br>
</blockquote></div>