Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/06/15 20:33:03 UTC
[GitHub] [pulsar] hpvd commented on issue #14168: [PIP 141] Pulsar BOM
hpvd commented on issue #14168:
URL: https://github.com/apache/pulsar/issues/14168#issuecomment-1156902848
vote for reopening, since an SBOM (Software Bill of Materials) in the Software Package Data Exchange (SPDX) format
(an international open standard (ISO) for communicating SBOM information)
is very helpful and is already becoming mandatory for some applications/in some organizations to manage security, compliance, and compatibility.
Other major projects provide it, e.g. kubernetes, see https://sbom.k8s.io/v1.21.3/source
Here is a great blog post on how this can help map it to vulnerability databases,
e.g. directly to the [Open Source Vulnerabilities (OSV) database](https://osv.dev/),
which aggregates information across multiple ecosystems (e.g., Python, Golang, Rust) and databases (e.g., [Github Advisory Database (GHSA)](https://github.com/advisories), [Global Security Database (GSD)](https://github.com/cloudsecurityalliance/gsd-database)):
https://security.googleblog.com/2022/06/sbom-in-action-finding-vulnerabilities.html
There is also a tool from kubernetes which helps generate the BOM: https://github.com/kubernetes-sigs/bom
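The mapping the comment above points to (SPDX SBOM components looked up against OSV) as an added, self-contained example that is not part of the thread, the Pulsar project or the kubernetes `bom` tool. It reads a constructed SPDX 2.3 JSON document, collects the package-URL (purl) of each component, builds the request bodies for OSV's `POST /v1/querybatch` endpoint, and joins a constructed OSV-style response back onto the SBOM so a defender can see which component a finding belongs to. The SBOM contents, the `batch_size` chunking and the advisory id are constructed for illustration; nothing is sent over the network.

```python
"""Added example: turn an SPDX 2.3 JSON SBOM into OSV batch-query payloads and
map the (constructed) response back onto SBOM components."""
import json

# Constructed sample SBOM for this example (not a real Pulsar SBOM). Field
# names follow the SPDX 2.3 JSON schema: a package may carry a package-URL
# (purl) under externalRefs, which is the identifier OSV queries accept.
SAMPLE_SPDX_JSON = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-app-sbom",
    "packages": [
        {   # root package describing the application itself: no purl,
            # so it is never sent to OSV
            "name": "example-app",
            "SPDXID": "SPDXRef-Package-root",
            "versionInfo": "1.0.0",
        },
        {
            "name": "libfoo",
            "SPDXID": "SPDXRef-Package-libfoo",
            "versionInfo": "1.2.3",
            "externalRefs": [{
                "referenceCategory": "PACKAGE-MANAGER",
                "referenceType": "purl",
                "referenceLocator": "pkg:maven/org.example/libfoo@1.2.3",
            }],
        },
        {
            "name": "examplelib",
            "SPDXID": "SPDXRef-Package-examplelib",
            "versionInfo": "0.9.0",
            "externalRefs": [{
                "referenceCategory": "PACKAGE-MANAGER",
                "referenceType": "purl",
                "referenceLocator": "pkg:pypi/examplelib@0.9.0",
            }],
        },
    ],
})


def load_sample_sbom() -> dict:
    """Decode the constructed SPDX document above."""
    return json.loads(SAMPLE_SPDX_JSON)


def purls_from_spdx(doc: dict) -> dict:
    """Return {SPDXID: purl} for every SPDX package that carries a purl.

    Packages without a purl (the root package here) are skipped; a real
    pipeline should report them so unidentifiable components stay visible.
    """
    purls = {}
    for pkg in doc.get("packages", []):
        for ref in pkg.get("externalRefs", []):
            if ref.get("referenceType") == "purl":
                purls[pkg["SPDXID"]] = ref["referenceLocator"]
                break  # first purl wins
    return purls


def osv_querybatch_payloads(doc: dict, batch_size: int = 100) -> list:
    """Build request bodies for POST https://api.osv.dev/v1/querybatch.

    OSV takes a list of queries, each naming a package by purl, and answers
    with a 'results' list in the same order. Queries are chunked so large
    SBOMs stay under OSV's per-request limit (batch_size is an illustrative
    parameter here, not the documented limit).
    """
    ordered = list(purls_from_spdx(doc).items())  # [(SPDXID, purl), ...]
    payloads = []
    for start in range(0, len(ordered), batch_size):
        chunk = ordered[start:start + batch_size]
        payloads.append({"queries": [{"package": {"purl": p}} for _, p in chunk]})
    return payloads


def affected_components(doc: dict, responses: list) -> dict:
    """Join decoded OSV responses (one per payload, same order) back onto
    SBOM components. Each body's 'results' aligns index-for-index with the
    queries sent, so the join is positional. Returns {SPDXID: [ids]} for
    components with at least one finding."""
    ordered = list(purls_from_spdx(doc).items())
    results = [r for body in responses for r in body.get("results", [])]
    if len(results) != len(ordered):
        raise ValueError("OSV result count does not match query count")
    hits = {}
    for (spdx_id, _), result in zip(ordered, results):
        ids = [v["id"] for v in result.get("vulns", [])]
        if ids:
            hits[spdx_id] = ids
    return hits


# Constructed OSV-style response with a placeholder advisory id (not a real
# finding): one hit for libfoo, an empty result for examplelib.
SAMPLE_OSV_RESPONSE = {"results": [{"vulns": [{"id": "EXAMPLE-ADVISORY-0001"}]}, {}]}

if __name__ == "__main__":
    sbom = load_sample_sbom()
    print(json.dumps(osv_querybatch_payloads(sbom), indent=2))
    print(affected_components(sbom, [SAMPLE_OSV_RESPONSE]))
```

The join is positional on purpose: OSV's batch endpoint returns results in query order, so keeping the `(SPDXID, purl)` list that produced the queries is what lets a finding be reported against the SBOM component rather than only against a bare purl. Components without a purl are the gap to watch in practice, since they silently receive no coverage.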
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org