Hello,
During a recent discussion elsewhere we figured it might be nice to collect the SBOMs currently published by Apache projects in a single place to facilitate experimentation. I've put those at https://github.com/apache/security-site/tree/sboms/sboms for now. As you can see there's already a fair number of ASF projects publishing SBOMs, and I'm sure I've missed some - LMK.
I also created an interactive visualization showing the interrelationships between projects that are publishing SBOMs. You can find it at https://security-tools-ec2-va.apache.org/sbom/. You can enable/disable projects and drag nodes around - best enjoyed on desktop :). If you're missing any projects, help them get their SBOMs published and included! If you want to read up on SBOMs or share knowledge, check out https://cwiki.apache.org/confluence/display/SECURITY/SBOM+Software+Bill+of+Materials
Kind regards,
--
Arnout Engelen
ASF Security Response
Apache Pekko PMC member, ASF Member
NixOS Committer
Independent Open Source consultant
