Thanks for this, Arnout. I'm planning to help by adding the weekly SBOMs we
are producing at Apache Camel and subprojects.

Please keep me in the loop if you need any help!

On Mon, 19 Feb 2024 at 15:21, Arnout Engelen <enge...@apache.org>
wrote:

> Hello security-discuss,
>
> More and more Apache projects are producing SBOMs as part of their release
> process. Challenges producing and consuming SBOMs are definitely on-topic
> for this list, and ideally we can consolidate that knowledge on the wiki[0].
>
> If you're interested, we've set up a DependencyTrack[1] instance collecting
> SBOMs for various Apache projects at [2]. You can log in with your Apache
> id. Note that this is all experimental, we may drop all data at any time
> ;).
>
> If you know of any other projects to include, would like help setting up
> SBOM publishing for your project, contribute 'nightly' SBOM snapshots, or
> discuss other things SBOM, I'm all ears!
>
>
> Kind regards,
>
> Arnout
>
> [0]: https://cwiki.apache.org/confluence/display/SECURITY/Software+Bill+of+Materials+SBOM
> [1]: https://dependencytrack.org/
> [2]: https://security-tools-ec2-va.apache.org
>
