SBOMs - Anywhere?

Bernhard M. Wiedemann bernhardout at lsmod.de
Fri Mar 3 10:26:10 UTC 2023



On 25/02/2023 16.56, Anthony Harrison wrote:
> More tools are in the pipeline, including one to generate an SBOM from 
> an installed platform distribution or package (currently works for 
> Debian systems, work in progress for RPM based systems) and an audit 
> tool. I hope to publish these in the next couple of weeks.

I want to mention that we can already generate [1] and publish [2] SBOMs 
in our Open-Build-Service to meet SLSA level 4 requirements.


[1] https://github.com/openSUSE/obs-build/search?q=SBOM
[2] https://github.com/openSUSE/open-build-service/blob/1e051bb20fb385695399c79dd8c9920d5fa18273/src/backend/bs_regpush#L717