The notes of Justin Abrahms

Search

Recently updated

Knight movement
Sep 29, 2024
- chess
Managing Diversity
Sep 29, 2024
- book
github pull request querying
Sep 29, 2024

❯

❯

sbom scorecard

Aug 25, 20241 min read

Software Bill of Materials (SBOM)

Had a chat in the Continuous Delivery Foundation (CDF) working group on supply chain.

There was general interest in the idea of scoring sboms.

SBOM sources:

Parth Patel has a public bucket of sboms from GHCR
- https://storage.googleapis.com/storage/v1/b/oopsallsboms/o
jenkins-x and tekton both generate sboms.
https://github.com/spdx/spdx-examples
John Speed Meyers (jsmeyers@chainguard.dev) has a pile he got from sourceforge.
Chainguard has really good ones for their images.

TODO download a pile of sboms

Issues of sbom-scorecard

Chat with OpenSSF about possibly including it in their scorecard.

Graph View

TODO download a pile of sboms
Issues of sbom-scorecard
Chat with OpenSSF about possibly including it in their scorecard.

Backlinks

No backlinks found

Created with Quartz v4.3.0 © 2024

GitHub
Email
bsky