Neil Craig on Nostr: I've only just noticed that GitHub has a "Download SBOM" button on repos, e.g. ...
I've only just noticed that GitHub has a "Download SBOM" button on repos, e.g. https://github.com/bbc/simorgh/network/dependencies
It's in SPDX format (https://spdx.github.io/spdx-spec/v2.3/introduction/) which seems pretty reasonable to me from a machine-reading PoV.
Hopefully being a standardised format means it can be ingested into standardised tooling.
#WebDev #GitHub #InfoSec #SBOM
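As an added example (not part of the post), the kind of "standardised tooling" ingestion the post hopes for: reading an SPDX 2.3 JSON export in Python, pulling each package's purl from its PACKAGE-MANAGER externalRef, and checking it against a watchlist. The sample document, its package names and the watchlist are all constructed here.

```python
import json

# Constructed SPDX 2.3 JSON document in the shape GitHub's export uses; package names are made up.
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "example-repo",
    "packages": [
        {"SPDXID": "SPDXRef-npm-example-lib", "name": "npm:example-lib", "versionInfo": "1.2.3",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:npm/example-lib@1.2.3"}]},
        {"SPDXID": "SPDXRef-npm-acme-widget", "name": "npm:@acme/widget", "versionInfo": "4.5.6",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:npm/%40acme/widget@4.5.6?vcs_url=x"}]},
        {"SPDXID": "SPDXRef-pip-some-tool", "name": "pip:some-tool", "versionInfo": "0.9.0",
         "externalRefs": []},  # no purl at all: report it rather than silently skipping it
    ],
})

# Constructed watchlist (not real advisories) keyed by purl without version: {base: {versions}}.
WATCHLIST = {"pkg:npm/%40acme/widget": {"4.5.6", "4.5.7"}, "pkg:npm/example-lib": {"0.1.0"}}

def load_sbom(text):
    """Parse the JSON and refuse anything that is not an SPDX 2.x document with a package list."""
    doc = json.loads(text)
    if not str(doc.get("spdxVersion", "")).startswith("SPDX-2.") or "packages" not in doc:
        raise ValueError("not a usable SPDX 2.x document")
    return doc

def split_purl(purl):
    """(type/namespace/name, version) from a purl; qualifiers (?...) and subpath (#...) dropped."""
    # rpartition on '@' is safe: purl percent-encodes '@' inside a namespace (e.g. %40acme).
    core = purl.split("?", 1)[0].split("#", 1)[0]
    base, sep, version = core.rpartition("@")
    return (base, version) if sep else (core, None)

def package_purl(pkg):
    """The purl from the package's PACKAGE-MANAGER externalRef, or None if the SBOM has none."""
    refs = (r for r in pkg.get("externalRefs", []) if r.get("referenceType") == "purl")
    return next((r["referenceLocator"] for r in refs), None)

def check_sbom(text, watchlist):
    """Return (hits, unidentified): packages matching the watchlist, and packages with no purl."""
    hits, unidentified = [], []
    for pkg in load_sbom(text)["packages"]:
        purl = package_purl(pkg)
        if purl is None:
            unidentified.append(pkg["name"])  # cannot be matched; needs a manual look
            continue
        base, version = split_purl(purl)
        if version in watchlist.get(base, set()):
            hits.append((pkg["name"], version))
    return hits, unidentified
```

Packages without a purl are returned separately because a scanner that silently skips them would report a clean SBOM it never actually checked.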