💾 Archived View for gemini.bortzmeyer.org › fosdem › event-11521.gmi captured on 2021-12-17 at 13:26:06. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Steve Winslow
Type devroom
Generating SPDX documents for CMake and Zephyr
Starts on day 2 (2021-02-07) at 15:35 (Brussels time, UTC+1) in room Composition (duration 00:15)
Matrix room #composition:fosdem.org
A Software Bill of Materials (SBoM) can communicate details about a software package's contents, as well as the inputs and sources that were used to build it. However, SBoMs created by manual processes can often be incomplete, incorrect or out-of-date as a software package evolves. Effective use of SBoMs will typically require creating them during the build process itself using automated tooling. In this talk, I will present a proof-of-concept for generating an SPDX SBoM for CMake-based projects.