Обсуждение: Software Bill of Materials (SBOM)
I'm looking for a way to build sbom files for assembly postgresql, to perform software composition analysis (SCA).
Please, tell me how can I do this?
Thank you.
Hi Cristina,
Have you tried SCANOSS?
To install:
pip3 install scanoss
To generate your SBOM (SPDX lite):
scanoss-py scan --format spdxlite DIRECTORY/
Alternatively, in CycloneDX format instead:
scanoss-py scan --format cyclonedx DIRECTORY/
Hope this helps.
Regards,
Julian
From: Кристина Валентей <klsst1nv0@gmail.com>
Date: Saturday, 13 January 2024 at 12:03
To: pgsql-general@lists.postgresql.org <pgsql-general@lists.postgresql.org>
Subject: Software Bill of Materials (SBOM)
Good afternoon.
I'm looking for a way to build sbom files for assembly postgresql, to perform software composition analysis (SCA).
Please, tell me how can I do this?
Thank you.
SCANOSS is very good, but it is probably not suitable for searching external libraries that POSTGRESQL uses.
Therefore, I again ask you to tell me if there is a ready-made SBOM file for project POSTGRESQL, or a tool that can create it based on the source code C
Hi Cristina,
Have you tried SCANOSS?
To install:
pip3 install scanoss
To generate your SBOM (SPDX lite):
scanoss-py scan --format spdxlite DIRECTORY/
Alternatively, in CycloneDX format instead:
scanoss-py scan --format cyclonedx DIRECTORY/
Hope this helps.
Regards,
Julian
From: Кристина Валентей <klsst1nv0@gmail.com>
Date: Saturday, 13 January 2024 at 12:03
To: pgsql-general@lists.postgresql.org <pgsql-general@lists.postgresql.org>
Subject: Software Bill of Materials (SBOM)Good afternoon.
I'm looking for a way to build sbom files for assembly postgresql, to perform software composition analysis (SCA).
Please, tell me how can I do this?
Thank you.