There is this page here which mentions projects you don't have listed like Groovy and Hadoop:
https://cwiki.apache.org/confluence/display/COMDEV/SBOM Solr is listed as producing an SBOM but not yet published. For Groovy we publish an SBOM for each jar artifact but not for our zips yet. We publish the SBOM files alongside the jar files. Cheers, Paul. <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Virus-free.www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> On Mon, Oct 21, 2024 at 11:34 PM Arnout Engelen <enge...@apache.org> wrote: > > Hello, > > During a recent discussion elsewhere we figured it might be nice to collect > the SBOMs currently published by Apache projects in a single place to > facilitate experimentation. I've put those at > https://github.com/apache/security-site/tree/sboms/sboms for now. As you > can see there's already a fair number of ASF projects publishing SBOMs, and > I'm sure I've missed some - LMK. > > I also created an interactive visualization showing the interrelationships > between projects that are publishing SBOMs. You can find it at > https://security-tools-ec2-va.apache.org/sbom/. You can enable/disable > projects and drag nodes around - best enjoyed on desktop :). If you're > missing any projects, help them get their SBOMs published and included! > > If you want to read up on SBOMs or share knowledge, check out > https://cwiki.apache.org/confluence/display/SECURITY/SBOM+Software+Bill+of+Materials > > > Kind regards, > > -- > Arnout Engelen > ASF Security Response > Apache Pekko PMC member, ASF Member > NixOS Committer > Independent Open Source consultant --------------------------------------------------------------------- To unsubscribe, e-mail: security-discuss-unsubscr...@community.apache.org For additional commands, e-mail: security-discuss-h...@community.apache.org
