SBOMs - Anywhere?
Bernhard M. Wiedemann
bernhardout at lsmod.de
Fri Mar 3 10:26:10 UTC 2023
On 25/02/2023 16.56, Anthony Harrison wrote:
> More tools are in the pipeline, including one to generate an SBOM from
> an installed platform distribution or package (currently works for
> Debian systems, work in progress for RPM based systems) and an audit
> tool. I hope to publish these in the next couple of weeks.
I want to mention that we can already generate [1] and publish [2] SBOMs
in our Open-Build-Service to meet SLSA level 4 requirements.
[1] https://github.com/openSUSE/obs-build/search?q=SBOM
[2] https://github.com/openSUSE/open-build-service/blob/1e051bb20fb385695399c79dd8c9920d5fa18273/src/backend/bs_regpush#L717
More information about the rb-general mailing list