by jruohonen
883 days ago
"Various tools are in use already which can report a software bill of materials (SBOM) - Trivy, Syft, Snyk, even GitHub - but whilst these can list dependencies installed by various package managers, none currently report the runtime/s when directed towards a code repository or container." I'd also be interested to know the state of the art of SBOMs and tools thereto. Can someone write a summary article?