November 14, 2024

New article: Promising early results for SBOMs in Python packages

Today I published some early validation results from my "SBOM for Python packages" project. TLDR: I forked auditwheel and added some rudimentary SBOM record-keeping for bundled libraries and showed that today's SCA tools are able to use that information out-of-the-box.

Full instructions, public code, and more in the post: https://sethmlarson.dev/early-promising-results-with-sboms-and-python-packages