[ENHANCEMENT] Generating report in CYCLONEDX or SPDX
rsareth opened this issue
Hello,
It is related to #284. There is an Executive Order from your President Biden about securing the supply chain. Since the SolarWinds hack, generating a Software Bill of Materials seems to be very important in your country. In Europe, I haven't seen anything related to an SBOM. I might be missing something in the EU, but I think it would be an important topic in the EU.
The OpenSSF (related to the Linux Foundation) even has a dedicated page explaining it: https://openssf.org/blog/2021/05/14/how-lf-communities-enable-security-measures-required-by-the-us-executive-order-on-cybersecurity/
Do you plan to generate reports in CycloneDX and SPDX?
- SPDX: https://www.iso.org/standard/81870.html
- CycloneDX: https://cyclonedx.org/specification/overview/
Another site describing those standards: https://www.settletop.com/insights/understanding-sbom-standards-cyclonedx-spdx-swid
Thank you.
Regards,
Rasmey