SBOM support
#10
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
-
Software Bill of Materials (SBOM) https://www.cisa.gov/sbom are a really nice way to address software supply chain risk. This is supported by the CNB spec https://github.com/buildpacks/spec/blob/main/buildpack.md. It would be great if the Heroku buildpacks could annotate what dependencies it installed and populate an associated SBOM.
Beta Was this translation helpful? Give feedback.
All reactions