Software Bill of Materials #145
Replies: 3 comments 3 replies
@borg-1of1 this is a really good question, and when I asked around, other folks reiterated what an important topic this is. We're not covering it in any of the talks this year, but we'll put a note down that folks are interested in it 👍
I would love to use Dependabot's SCA results to generate an SBOM and have it linked with all the vulnerability alerts throughout GitHub. More info on the Software Package Data Exchange (SPDX) can be found on their site.
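The comment above asks for an SPDX SBOM built from dependency-scan results. The block below is an added example for this discussion, not code from GitHub, Dependabot or the SPDX project: it takes a hand-constructed list of resolved packages (standing in for SCA output), emits a minimal SPDX 2.3 JSON document with purl identifiers, checksums and DEPENDS_ON relationships, and then runs a consistency check of the kind a consumer of the SBOM would apply. The tool name and namespace URL are placeholders.

```python
"""Build a minimal SPDX 2.3 JSON SBOM from resolved dependencies and check it.

Added example for this discussion; not GitHub's, Dependabot's or SPDX's own
tooling. SAMPLE_DEPS is constructed by hand to stand in for SCA output; the
creator tool name and the namespace base URL are placeholders."""
import json
import uuid
from datetime import datetime, timezone

# Constructed sample input: (name, version, purl, download location, sha256 or None)
SAMPLE_DEPS = [
    ("requests", "2.31.0", "pkg:pypi/requests@2.31.0",
     "https://pypi.org/project/requests/2.31.0/", "a" * 64),
    ("urllib3", "2.0.7", "pkg:pypi/urllib3@2.0.7",
     "https://pypi.org/project/urllib3/2.0.7/", None),
]


def spdx_id(name, version):
    """An SPDXID is 'SPDXRef-' plus letters, digits, '.' and '-' only."""
    raw = f"SPDXRef-Package-{name}-{version}"
    return "".join(c if c.isalnum() or c in ".-" else "-" for c in raw)


def build_sbom(app_name, app_version, deps, namespace_base="https://example.invalid/sbom"):
    """Return an SPDX 2.3 document describing app_name and its direct dependencies."""
    root_id = spdx_id(app_name, app_version)
    packages = [{
        "SPDXID": root_id,
        "name": app_name,
        "versionInfo": app_version,
        "downloadLocation": "NOASSERTION",  # required field; the root is not fetched from anywhere
        "filesAnalyzed": False,             # package-level SBOM, no per-file data
    }]
    # Every document must say what it describes, via a DESCRIBES relationship.
    relationships = [{
        "spdxElementId": "SPDXRef-DOCUMENT",
        "relationshipType": "DESCRIBES",
        "relatedSpdxElement": root_id,
    }]
    for name, version, purl, download, sha256 in deps:
        pid = spdx_id(name, version)
        pkg = {
            "SPDXID": pid,
            "name": name,
            "versionInfo": version,
            "downloadLocation": download or "NOASSERTION",
            "filesAnalyzed": False,
            # purl is the identifier vulnerability databases match on
            "externalRefs": [{
                "referenceCategory": "PACKAGE-MANAGER",
                "referenceType": "purl",
                "referenceLocator": purl,
            }],
        }
        if sha256:  # checksum lets a consumer tie the entry to the artifact actually shipped
            pkg["checksums"] = [{"algorithm": "SHA256", "checksumValue": sha256}]
        packages.append(pkg)
        relationships.append({
            "spdxElementId": root_id,
            "relationshipType": "DEPENDS_ON",
            "relatedSpdxElement": pid,
        })
    return {
        "spdxVersion": "SPDX-2.3",
        "dataLicense": "CC0-1.0",
        "SPDXID": "SPDXRef-DOCUMENT",
        "name": f"{app_name}-{app_version}",
        # namespace must be a unique URI per document; placeholder base plus a UUID
        "documentNamespace": f"{namespace_base}/{app_name}-{app_version}-{uuid.uuid4()}",
        "creationInfo": {
            "created": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
            "creators": ["Tool: sbom-example-0.1"],  # placeholder tool name
        },
        "packages": packages,
        "relationships": relationships,
    }


def check_sbom(doc):
    """Return a list of problems; an empty list means the document passes.

    versionInfo is optional in the SPDX spec but is checked here because a
    package entry without a version cannot be matched to vulnerability data."""
    problems = []
    for field in ("spdxVersion", "dataLicense", "SPDXID", "name",
                  "documentNamespace", "creationInfo"):
        if field not in doc:
            problems.append(f"missing document field {field}")
    known_ids = {p["SPDXID"] for p in doc.get("packages", [])}
    known_ids.add("SPDXRef-DOCUMENT")
    for p in doc.get("packages", []):
        for field in ("downloadLocation", "versionInfo"):
            if field not in p:
                problems.append(f"{p.get('SPDXID')} lacks {field}")
    rels = doc.get("relationships", [])
    if not any(r["relationshipType"] == "DESCRIBES" and
               r["spdxElementId"] == "SPDXRef-DOCUMENT" for r in rels):
        problems.append("no DESCRIBES relationship from SPDXRef-DOCUMENT")
    for r in rels:  # dangling references are a common defect in generated SBOMs
        for key in ("spdxElementId", "relatedSpdxElement"):
            if r[key] not in known_ids:
                problems.append(f"relationship references unknown element {r[key]}")
    return problems


if __name__ == "__main__":
    sbom = build_sbom("myapp", "1.0.0", SAMPLE_DEPS)
    print(json.dumps(sbom, indent=2))
    print("problems:", check_sbom(sbom))
```

The checker deliberately looks for the things that make an SBOM usable downstream rather than only what the schema demands: a DESCRIBES root, a version on every package, and relationships that point at elements present in the document.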
👋🏻 Hello @borg-1of1! Right now, we're collaborating with the larger tech community to develop shared solutions that will make this process easier before the regulations open up to a broader set of software. There's a lot to do, so I don't have any specific timelines I can share at the moment, but most of these discussions are taking place in forums like the OpenSSF and SPDX projects if you want to join in.
Can you talk briefly on generating a Software Bill of Materials or SBOM? This is a required item for selling/delivering software to the US Government.