New article: Promising early results for SBOMs in Python packages
Today I published some early validation results from my "SBOM for Python packages" project. TL;DR: I forked auditwheel and added rudimentary SBOM record-keeping for the shared libraries it bundles into wheels, then showed that today's software composition analysis (SCA) tools can consume that information out of the box.
Full instructions, public code, and more in the post: https://sethmlarson.dev/early-promising-results-with-sboms-and-python-packages