Yep. Same with Airflow - we produce SBOMS and (for now we publish them on our website - but with ATR, one of the things will likely be to publish SBOMS there) :)
On Thu, Oct 16, 2025 at 6:14 PM Piotr P. Karwasz <[email protected]> wrote: > Hi Michael, > > On 22.09.2025 16:55, Michael Bouschen wrote: > > Do you know whether there are any plans to publish SBOM files at the ASF? > > If yes, do you know where they are published and is there a specific > > process for this? > > Sorry for the delayed response: I missed your email earlier. > > Yes, there are plans to publish SBOMs via the Apache Trusted Releases > system currently being developed by the Apache Tooling team. > > In Apache Logging, we already have an automated release pipeline up to > the point where we submit the release candidate to Nexus and Subversion. > Once Apache Trusted Releases moves beyond the alpha stage, we plan to > upgrade our pipeline to use it. After that, we’ll be able to help other > Maven-based projects adopt the same approach. > > Best regards, > Piotr > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: > [email protected] > >
