thank you Julian for your answer. SCANOSS is very good, but it is probably not suitable for searching external libraries that POSTGRESQL uses.
Therefore, I again ask you to tell me if there is a ready-made SBOM file for project POSTGRESQL, or a tool that can create it based on the source code C сб, 13 янв. 2024 г. в 14:10, Julian Coccia <julian.coc...@scanoss.com>: > Hi Cristina, > > > > Have you tried SCANOSS? > > > > To install: > > pip3 install scanoss > > > > To generate your SBOM (SPDX lite): > > scanoss-py scan --format spdxlite DIRECTORY/ > > > > Alternatively, in CycloneDX format instead: > > scanoss-py scan --format cyclonedx DIRECTORY/ > > > Hope this helps. > > > > Regards, > > Julian > > > > *From: *Кристина Валентей <klsst1...@gmail.com> > *Date: *Saturday, 13 January 2024 at 12:03 > *To: *pgsql-general@lists.postgresql.org < > pgsql-general@lists.postgresql.org> > *Subject: *Software Bill of Materials (SBOM) > > Good afternoon. > I'm looking for a way to build sbom files for assembly postgresql, to > perform software composition analysis (SCA). > > Please, tell me how can I do this? > > Thank you. >
