
Output SBOM

Open fproulx-boostsecurity opened this issue 1 year ago • 1 comments

Support CycloneDX and SPDX

Looks like SPDX Build Profile is quite ahead on this topic:

https://docs.google.com/presentation/d/11V7Qg-iyqYRtV7TB6yW7M3MFPkWVVGFo3UxbpCuyecE/edit?resourcekey=0-vlH2T9qHFIvmrdrr6c0ZSQ#slide=id.g194bd5fd766_0_723

https://spdx.dev/learn/areas-of-interest/build/

fproulx-boostsecurity May 02 '24 19:05

CycloneDX has the concept of formulation which describes both the declared and observed formulas for how something came to be, such as how software was built, tested, and deployed, or how AI models were trained, evaluated, and fine-tuned.

This support has been available since CycloneDX v1.5, with many of the official CycloneDX libraries having added support for it.

Please reach out to the CycloneDX community with any questions the Poutine community may have.

Slack: https://cyclonedx.org/slack Invite: https://cyclonedx.org/slack/invite

stevespringett May 10 '24 20:05
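An added example (not code from poutine or from the CycloneDX project) of what the formulation section mentioned in the comment above can look like: it maps a simplified pipeline description to a CycloneDX 1.5 BOM with one formula, one workflow and one task per job. The `SAMPLE_PIPELINE` shape and the function names are assumptions made for illustration; the field names (`formulation`, `workflows`, `tasks`, `taskTypes`, `steps`, `commands`, `executed`) follow the CycloneDX 1.5 JSON schema.

```python
import json
import uuid

# Constructed sample pipeline (hypothetical shape, not poutine's internal model).
SAMPLE_PIPELINE = {
    "name": "release",
    "jobs": [
        {"name": "build", "type": "build",
         "steps": [{"name": "compile", "run": "make all"}]},
        {"name": "unit-tests", "type": "test",
         "steps": [{"name": "run tests", "run": "make test"}]},
        {"name": "notify", "type": "chatops",  # not a CycloneDX taskType
         "steps": [{"name": "post message", "run": "./notify.sh"}]},
    ],
}

# taskType values defined by the CycloneDX 1.5 schema.
TASK_TYPES = {"copy", "clone", "lint", "scan", "merge", "build", "test",
              "deliver", "deploy", "release", "clean", "other"}


def job_to_task(job):
    """Map one pipeline job to a formulation task; unknown types become 'other'."""
    task_type = job["type"] if job["type"] in TASK_TYPES else "other"
    return {
        "bom-ref": f"task-{job['name']}",
        "uid": str(uuid.uuid4()),
        "name": job["name"],
        "taskTypes": [task_type],
        "steps": [{"name": s["name"], "commands": [{"executed": s["run"]}]}
                  for s in job["steps"]],
    }


def pipeline_to_bom(pipeline):
    """Wrap the pipeline's tasks in a workflow inside a single formula."""
    tasks = [job_to_task(j) for j in pipeline["jobs"]]
    workflow = {
        "bom-ref": f"workflow-{pipeline['name']}",
        "uid": str(uuid.uuid4()),
        "name": pipeline["name"],
        "taskTypes": sorted({t["taskTypes"][0] for t in tasks}),
        "tasks": tasks,
    }
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "formulation": [{"bom-ref": "formula-1", "workflows": [workflow]}]}


if __name__ == "__main__":
    print(json.dumps(pipeline_to_bom(SAMPLE_PIPELINE), indent=2))
```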