The notes of Justin Abrahms

Recently updated

tests for quartz
Jul 05, 2025
Zero Knowledge Proofs (ZKP)
Jul 05, 2025
Sprint Ceremony input/outputs
Jun 01, 2025

❯

❯

sbom scorecard

Aug 25, 20241 min read

Software Bill of Materials (SBOM)

Had a chat in the Continuous Delivery Foundation (CDF) working group on supply chain.

There was general interest in the idea of scoring sboms.

SBOM sources:

Parth Patel has a public bucket of sboms from GHCR
- https://storage.googleapis.com/storage/v1/b/oopsallsboms/o
jenkins-x and tekton both generate sboms.
https://github.com/spdx/spdx-examples
John Speed Meyers (jsmeyers@chainguard.dev) has a pile he got from sourceforge.
Chainguard has really good ones for their images.

TODO download a pile of sboms

Issues of sbom-scorecard

Chat with OpenSSF about possibly including it in their scorecard.

Graph View

TODO download a pile of sboms
Issues of sbom-scorecard
Chat with OpenSSF about possibly including it in their scorecard.

Backlinks

No backlinks found

Created with Quartz v4.4.0 © 2025

GitHub
Email
bsky