On 25/02/2023 16.56, Anthony Harrison wrote:
More tools are in the pipeline, including one to generate an SBOM from an installed platform distribution or package (currently works for Debian systems, work in progress for RPM based systems) and an audit tool. I hope to publish these in the next couple of weeks.
I want to mention that we can already generate [1] and publish [2] SBOMs in our Open-Build-Service to meet SLSA level4 requirements.
[1] https://github.com/openSUSE/obs-build/search?q=SBOM[2] https://github.com/openSUSE/open-build-service/blob/1e051bb20fb385695399c79dd8c9920d5fa18273/src/backend/bs_regpush#L717
OpenPGP_signature
Description: OpenPGP digital signature
