Hi Arnout, I think there are a couple of Commons components missing like Lang and IO. Most components published in the past year should have SBOMs.
Gaty

On Mon, Oct 21, 2024, 9:35 AM Arnout Engelen <enge...@apache.org> wrote:

> Hello,
>
> During a recent discussion elsewhere we figured it might be nice to collect
> the SBOMs currently published by Apache projects in a single place to
> facilitate experimentation. I've put those at
> https://github.com/apache/security-site/tree/sboms/sboms for now. As you
> can see there's already a fair number of ASF projects publishing SBOMs, and
> I'm sure I've missed some - LMK.
>
> I also created an interactive visualization showing the interrelationships
> between projects that are publishing SBOMs. You can find it at
> https://security-tools-ec2-va.apache.org/sbom/. You can enable/disable
> projects and drag nodes around - best enjoyed on desktop :). If you're
> missing any projects, help them get their SBOMs published and included!
>
> If you want to read up on SBOMs or share knowledge, check out
>
> https://cwiki.apache.org/confluence/display/SECURITY/SBOM+Software+Bill+of+Materials
>
> Kind regards,
>
> --
> Arnout Engelen
> ASF Security Response
> Apache Pekko PMC member, ASF Member
> NixOS Committer
> Independent Open Source consultant