by clvx 541 days ago
I have a hot take on this. I don’t care how you build and deploy as long as it’s reproducible and the whole process can be tracked in their metadata. I’d rather have a process validating CI/CD stages and artifacts metadata in a central db than unifying pipelines that won’t get standardized due to communication complexity. This way I can have a conversation on visibility rather than code edge cases.

This is important for SBOM (software bill-of-materials) which will soon be mandatory in regulated domains.
What will SBOM require in regulated domains?
It's already required in Federal procurement and if you're seeking FDA approval, they've indicated you should prepare for it. I'd wager it reaches other regulated domains once the standards, experience, and tooling stabilize.