by Terretta
706 days ago
You have a lot of firms that care about predictable and performant building that are shifting to you, and one of the things that comes up is SBOM generation for ingestion into tools like guac.

https://guac.sh/

https://pypi.org/project/sbom4python/

https://github.com/CycloneDX/cyclonedx-python

Your recently added ability to unpin dependencies so devs are more encouraged to stay compatible as they dev, then generate a correct explicit requirements.txt for reproducibility, makes both vuln management and the SBOM step a far easier thing than poetry etc. Thank you!

For similar reasons, we use https://hatch.pypa.io/latest/why/ and appreciate that it plays nicely with `uv`.