[feat]: Generate a Software Bill of Materials (SBOM) as part of the build process #457
Labels
All OS
build
enhancement (New feature or request)
major issue (Major issue, lots of change and testing)
Security (Security Related Issues)
An SBOM is a detailed inventory of all components within a software application, including open-source libraries, third-party dependencies, licenses, and known vulnerabilities. It serves as a critical tool for managing software supply chain risks, ensuring compliance, and enhancing security.
It's becoming more common on desktop apps and we should adopt this to allow for easier use in enterprises that require an SBOM.
We should standardise on https://github.com/anchore/syft and use https://github.com/anchore/grype for the code scanning.
Feedback from the team is that grype is identifying issues Sonar is missing.
The output SBOM should be added as a release artifact.
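As an added illustration (not code from the issue or from the project's build), the three steps described above wired into one CI job: syft produces the SBOM, grype scans that SBOM and fails the build above a severity threshold, and the SBOM file is kept as a build artifact and attached to the release. It assumes GitHub Actions as the CI system, the `anchore/sbom-action` and `anchore/scan-action` wrappers at the version tags shown, a CycloneDX JSON output file named `sbom.cdx.json`, and "high" as the failing severity; all of those are choices made for the example, not decisions taken in the issue.

```yaml
# .github/workflows/sbom.yml  (example, not the project's workflow)
name: sbom

on:
  pull_request:            # gate PRs on grype findings
  release:
    types: [published]     # attach the SBOM to the published release

permissions:
  contents: write          # required to upload a release asset

jobs:
  sbom:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # The application's own build steps belong here, before syft runs,
      # so that the inventory covers the packaged output and not only
      # the checked-out source tree.

      - name: Generate SBOM with syft
        uses: anchore/sbom-action@v0
        with:
          path: .                         # scan the working tree (use `image:` for a container)
          format: cyclonedx-json          # or spdx-json if the consumer asks for SPDX
          output-file: sbom.cdx.json      # assumed file name
          artifact-name: sbom.cdx.json    # kept as a workflow artifact on every run
          # only attach to the release when this run was triggered by one
          upload-release-assets: ${{ github.event_name == 'release' }}

      - name: Scan SBOM with grype
        uses: anchore/scan-action@v3
        with:
          sbom: sbom.cdx.json             # scan the SBOM just produced, not the tree again
          fail-build: true                # fail the job at or above the cutoff
          severity-cutoff: high           # assumed threshold: high and critical fail the build
          only-fixed: false               # also report findings that have no fix yet
```

Scanning the SBOM rather than the directory a second time keeps the scan and the shipped inventory in sync: what grype reports is exactly what the attached file lists. If the intent is that the same file also be downloadable from pull-request runs, `artifact-name` already covers that, since `upload-artifact` defaults to true in `anchore/sbom-action`.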