Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/06/15 20:33:03 UTC

[GitHub] [pulsar] hpvd commented on issue #14168: [PIP 141] Pulsar BOM

hpvd commented on issue #14168:
URL: https://github.com/apache/pulsar/issues/14168#issuecomment-1156902848

Vote for reopening, since an SBOM (Software Bill of Materials) in the Software Package Data Exchange (SPDX) format
(an international open standard (ISO) for communicating SBOM information)
is very helpful and is already becoming mandatory for some applications / in some organizations to manage security, compliance, and compatibility.

Other major projects provide it, e.g. Kubernetes; see https://sbom.k8s.io/v1.21.3/source

Here is a great blog post on how this can help map it to vulnerability databases,
e.g. directly to the [Open Source Vulnerabilities (OSV) database](https://osv.dev/),
which aggregates information across multiple ecosystems (e.g., Python, Golang, Rust) and databases (e.g., [Github Advisory Database (GHSA)](https://github.com/advisories), [Global Security Database (GSD)](https://github.com/cloudsecurityalliance/gsd-database)).
https://security.googleblog.com/2022/06/sbom-in-action-finding-vulnerabilities.html

There is also a tool from Kubernetes which helps generate the BOM: https://github.com/kubernetes-sigs/bom

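The SPDX-to-OSV mapping the comment refers to, as an added example that is not part of the original thread or the Pulsar project: it reads the packages of a constructed SPDX 2.3 JSON document, picks the `purl` external references, builds the request body for OSV's `POST /v1/querybatch` endpoint, and maps the (index-aligned) results back to SPDX package IDs. The SBOM content and the OSV response are constructed, not real advisories.

```python
import json

# Constructed SPDX 2.3 JSON document (not a real Pulsar SBOM):
# two packages carry a purl external reference, one does not.
SPDX_DOC = json.loads("""{
  "spdxVersion": "SPDX-2.3",
  "name": "example-sbom",
  "packages": [
    {"SPDXID": "SPDXRef-Package-lib-a", "name": "lib-a", "versionInfo": "1.2.3",
     "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                       "referenceLocator": "pkg:maven/org.example/lib-a@1.2.3"}]},
    {"SPDXID": "SPDXRef-Package-lib-b", "name": "lib-b", "versionInfo": "0.9.0",
     "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                       "referenceLocator": "pkg:pypi/lib-b@0.9.0"}]},
    {"SPDXID": "SPDXRef-Package-no-purl", "name": "vendored-blob", "versionInfo": "NOASSERTION"}
  ]
}""")


def package_purls(spdx_doc):
    """Map SPDXID -> purl for every package that carries a purl externalRef.
    Packages without a purl (vendored blobs, NOASSERTION) cannot be queried
    by package identity and are reported separately by the caller."""
    out = {}
    for pkg in spdx_doc.get("packages", []):
        for ref in pkg.get("externalRefs", []):
            if ref.get("referenceType") == "purl":
                out[pkg["SPDXID"]] = ref["referenceLocator"]
                break
    return out


def osv_querybatch_body(spdx_doc):
    """Build the body for POST https://api.osv.dev/v1/querybatch.
    Returns (body, order): order[i] is the SPDXID behind body["queries"][i];
    OSV returns results in the same order as the queries were sent."""
    purls = package_purls(spdx_doc)
    order = list(purls)
    body = {"queries": [{"package": {"purl": purls[spdxid]}} for spdxid in order]}
    return body, order


def correlate(response, order):
    """Map a querybatch response back onto SPDXIDs: SPDXID -> [vuln ids]."""
    findings = {}
    for spdxid, result in zip(order, response.get("results", [])):
        ids = [v["id"] for v in result.get("vulns", [])]
        if ids:
            findings[spdxid] = ids
    return findings
```

Packages that end up with no purl are the blind spot of this lookup, so a real pipeline should list them alongside the findings rather than silently skipping them.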

