snazy opened a new issue, #2905: URL: https://github.com/apache/polaris/issues/2905
### Is your feature request related to a problem? Please describe.

SBOMs (Software Bill of Materials) provide a machine-readable inventory of components and dependencies that make up a piece of software.

The most common standardized formats for SBOMs are SPDX and CycloneDX. SPDX focuses on legal compliance, licensing & IP due diligence. CycloneDX focuses on security, vulnerability tracking & risk analysis.

The following Polaris distribution artifacts deserve SBOMs:

* Source tarball
* Binary zip/tarball distribution w/ server + admin tool
* Docker images for server + admin tool
* Python client

Apache Trusted Releases likely require SBOMs.

### Describe the solution you'd like

_No response_

### Describe alternatives you've considered

_No response_

### Additional context

_No response_
