SBOMs - Anywhere?

Anthony Harrison anthony.p.harrison at gmail.com
Fri Mar 3 16:12:27 UTC 2023


Bernhard

This is good to hear. I can see that you have some Perl modules generating
SBOMs (that is pretty unique from what I see in the SBOM creation world!)
but where are the generated SBOMs stored as I can't find them in the github
repo?

Regards

Anthony

On Fri, 3 Mar 2023 at 10:26, Bernhard M. Wiedemann via rb-general <
rb-general at lists.reproducible-builds.org> wrote:

>
>
> On 25/02/2023 16.56, Anthony Harrison wrote:
> > More tools are in the pipeline, including one to generate an SBOM from
> > an installed platform distribution or package (currently works for
> > Debian systems, work in progress for RPM based systems) and an audit
> > tool. I hope to publish these in the next couple of weeks.
>
> I want to mention that we can already generate [1] and publish [2] SBOMs
> in our Open-Build-Service to meet SLSA level4 requirements.
>
>
> [1] https://github.com/openSUSE/obs-build/search?q=SBOM
> [2]
>
> https://github.com/openSUSE/open-build-service/blob/1e051bb20fb385695399c79dd8c9920d5fa18273/src/backend/bs_regpush#L717
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20230303/fb2853e7/attachment.htm>


More information about the rb-general mailing list