----- Forwarded message from Felix Moessbauer <[email protected]> -----
Date: Thu, 11 Dec 2025 15:32:26 +0100
From: Felix Moessbauer <[email protected]>
To: Debian Bug Tracking System <[email protected]>
Cc: Felix Moessbauer <[email protected]>
Subject: Bug#1122577: ITP: debsbom -- Software Bill of Materials generator for distributions based on Debian
Reply-To: Felix Moessbauer <[email protected]>, [email protected]
Message-ID: <[email protected]>
X-Mailer: git-send-email 2.51.0
X-Mailer: reportbug 13.2.0
List-Id: <debian-devel.lists.debian.org>

Package: wnpp
Severity: wishlist
Owner: Felix Moessbauer <[email protected]>
X-Debbugs-Cc: [email protected]

* Package name    : debsbom
  Version         : 0.5.1
  Upstream Contact: Felix Moessbauer <[email protected]>
* URL             : https://github.com/siemens/debsbom
* License         : MIT
  Programming Lang: Python
  Description     : Software Bill of Materials generator for distributions based on Debian

debsbom generates SBOMs (Software Bill of Materials) for distributions
based on Debian in the two standard formats SPDX and CycloneDX. The
generated SBOM includes all installed binary packages and also contains
Debian Source packages.

While the package is still quite young, it already has some known
adoption within the Debian community. It also is the first SBOM
generator (we know of) that fully integrates with the Debian tooling
(dpkg and apt) and that is packagable in Debian. All needed dependencies
are already in sid.

The package further has extensive documentation and clearly documents
design decisions regarding HOW to fill in the various format fields.
This can further be used to work on remaining gaps in Debian to generate
"perfect" SBOMs from the list of installed packages.

I plan to maintain it under the Debian Python Team.

Best regards,
Felix Moessbauer
Siemens AG

----- End forwarded message -----

-- 
cheers,
	Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

“Bitcoin was supposed to demonstrate the power of a true free market.
Instead it's full of scams, rent-seekers, theft, useless for real
purchases and accelerates climate change. Mission accomplished.”
Adam Chalmers (@adam_chal)
