Hacker News
by onei 947 days ago
It won't tell you about malware. It just means when my customers have questions about well-publicised vulnerabilities in open source dependencies, they can audit themselves for the presence of that dependency with a set of standard tooling.

That said, my company is moving towards having SBOMs, but seems to be making them available on request only, which in my mind defeats the point of having them.
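One way a customer could run the self-audit the comment describes, as an added example that is not from the commenter or from any particular SBOM tool: a Python check that walks a CycloneDX-style JSON SBOM (the sample BOM, the package names and the affected version range are all constructed for illustration) and lists the components whose version falls inside an advisory's affected range, including components nested inside bundled applications.

```python
import json
from typing import Iterator

# Constructed CycloneDX-style SBOM used as sample input (not any real product's SBOM).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "example-lib", "version": "1.4.2",
         "purl": "pkg:maven/org.example/example-lib@1.4.2?type=jar"},
        {"type": "library", "name": "other-lib", "version": "3.0.0",
         "purl": "pkg:maven/org.example/other-lib@3.0.0"},
        {"type": "library", "name": "example-lib", "version": "1.6.0",
         "purl": "pkg:maven/org.example/example-lib@1.6.0"},
        # A bundled application carrying its own nested component list.
        {"type": "application", "name": "bundled-service", "version": "2.0.0",
         "purl": "pkg:generic/bundled-service@2.0.0",
         "components": [
             {"type": "library", "name": "example-lib", "version": "1.2.0",
              "purl": "pkg:maven/org.example/example-lib@1.2.0"}]},
    ],
})

def parse_version(v: str) -> tuple:
    """Turn '1.4.2' or '1.3.0-beta' into a comparable tuple of leading numeric parts."""
    parts = []
    for seg in v.split("."):
        num = seg.split("-")[0]
        if not num.isdigit():
            break
        parts.append(int(num))
    return tuple(parts)

def iter_components(components: list) -> Iterator[dict]:
    """Walk the component tree depth-first; CycloneDX allows nested 'components'."""
    for comp in components:
        yield comp
        yield from iter_components(comp.get("components", []))

def find_affected(sbom_json: str, purl_prefix: str, min_version: str, fixed_version: str) -> list:
    """Return purls of components matching purl_prefix with min_version <= version < fixed_version."""
    bom = json.loads(sbom_json)
    lo, hi = parse_version(min_version), parse_version(fixed_version)
    hits = []
    for comp in iter_components(bom.get("components", [])):
        base, _, rest = comp.get("purl", "").partition("@")
        # Strip purl qualifiers/subpath after the version; fall back to the version field.
        version = rest.split("?")[0].split("#")[0] or comp.get("version", "")
        if base == purl_prefix and version and lo <= parse_version(version) < hi:
            hits.append(comp["purl"])
    return hits
```

Running `find_affected(SAMPLE_SBOM, "pkg:maven/org.example/example-lib", "1.0.0", "1.5.0")` reports the 1.4.2 and nested 1.2.0 copies and skips the fixed 1.6.0 one; the range arguments would come from the advisory being checked.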