Re: Software Bill of Materials (SBOM)

2024-01-16 Thread Кристина Валентей
Thank you, Julian, for your answer.

SCANOSS is very good, but it is probably not suitable for searching
external libraries that POSTGRESQL uses.

Therefore, I again ask you to tell me if there is a ready-made SBOM file
for project POSTGRESQL, or a tool that can create it based on the C source
code.

Sat, 13 Jan 2024 at 14:10, Julian Coccia:

> Hi Cristina,
>
> Have you tried SCANOSS?
>
> To install:
>
> pip3 install scanoss
>
> To generate your SBOM (SPDX lite):
>
> scanoss-py scan --format spdxlite DIRECTORY/
>
> Alternatively, in CycloneDX format instead:
>
> scanoss-py scan --format cyclonedx DIRECTORY/
>
> Hope this helps.
>
> Regards,
> Julian
>
> From: Кристина Валентей
> Date: Saturday, 13 January 2024 at 12:03
> To: pgsql-general@lists.postgresql.org <pgsql-general@lists.postgresql.org>
> Subject: Software Bill of Materials (SBOM)
>
> Good afternoon.
> I'm looking for a way to build SBOM files for assembly postgresql, to
> perform software composition analysis (SCA).
>
> Please tell me how I can do this.
>
> Thank you.
>


Re: Software Bill of Materials (SBOM)

2024-01-14 Thread Julian Coccia
Hi Cristina,

Have you tried SCANOSS?

To install:

pip3 install scanoss

To generate your SBOM (SPDX lite):

scanoss-py scan --format spdxlite DIRECTORY/

Alternatively, in CycloneDX format instead:

scanoss-py scan --format cyclonedx DIRECTORY/

Hope this helps.

Regards,
Julian

From: Кристина Валентей
Date: Saturday, 13 January 2024 at 12:03
To: pgsql-general@lists.postgresql.org
Subject: Software Bill of Materials (SBOM)

Good afternoon.
I'm looking for a way to build SBOM files for assembly postgresql, to perform
software composition analysis (SCA).

Please tell me how I can do this.

Thank you.
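
A CycloneDX file such as the one requested with `--format cyclonedx` above can be checked before it is handed to an SCA tool. This is an added example, not code from the thread participants or the SCANOSS project: it reads a CycloneDX JSON document and separates components that carry both a version and a purl from those that need manual review. The sample BOM, its component values and the function name `triage_components` are constructed for illustration, and only standard CycloneDX JSON fields are assumed.

```python
import json

# Constructed CycloneDX document (not real scan output); values are illustrative.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "zlib", "version": "1.3",
     "purl": "pkg:github/madler/zlib@1.3",
     "licenses": [{"license": {"id": "Zlib"}}]},
    {"type": "library", "name": "openssl", "version": "3.0.12",
     "purl": "pkg:github/openssl/openssl@3.0.12",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "vendored-snippet", "version": "",
     "licenses": []}
  ]
}
""")


def triage_components(bom):
    """Split CycloneDX components into SCA-ready and incomplete entries.

    purl-based vulnerability lookups need both a purl and a version;
    components missing either are returned separately for manual review.
    """
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    ready, incomplete = [], []
    for comp in bom.get("components", []):
        licenses = []
        for entry in comp.get("licenses", []):
            lic = entry.get("license", {})
            # CycloneDX allows an SPDX id, a free-text name, or an expression.
            licenses.append(lic.get("id") or lic.get("name")
                            or entry.get("expression") or "unknown")
        row = {"name": comp.get("name", "?"),
               "version": comp.get("version") or None,
               "purl": comp.get("purl"),
               "licenses": licenses}
        (ready if row["version"] and row["purl"] else incomplete).append(row)
    return ready, incomplete


if __name__ == "__main__":
    ok, review = triage_components(SAMPLE_BOM)
    for row in ok:
        print(f"OK      {row['purl']}  licenses={','.join(row['licenses'])}")
    for row in review:
        print(f"REVIEW  {row['name']}  (missing version or purl)")
```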