Given another thread just now, SBOM should be generated in Scout config... I am bringing this thread back for attention and context about SBOMs ...
Also, note that NIST has recently published a paper for comment requiring vendors to automatically publish SBOMs.
https://www.cisa.gov/resources-tools/resources/2025-minimum-elements-software-bill-materials-sbom

ASF projects working on SBOM:
https://cwiki.apache.org/confluence/display/comdev/sbom

More:
https://cwiki.apache.org/confluence/display/SECURITY/SBOM+Software+Bill+of+Materials

On Sun, Nov 3, 2024 at 9:40 PM James Dailey <[email protected]> wrote:

> Devs - While not *yet* a requirement for projects, it would be useful for
> the Fineract community to publish a SBOM.
>
> https://cwiki.apache.org/confluence/display/SECURITY/SBOM+Software+Bill+of+Materials
>
> One technique is to use a Gradle plugin, cycloneDX. It takes some
> configuration.
>
> Before I create a ticket for this, is there anything relevant to this
> topic on the project?
>
> Do we have a dependency graph?
>
> Thanks
