Bug#1122577: ITP: debsbom -- Software Bill of Materials generator for distributions based on Debian
Holger Levsen
holger at layer-acht.org
Thu Dec 11 15:32:42 GMT 2025
On Thu, Dec 11, 2025 at 03:32:26PM +0100, Felix Moessbauer wrote:
> * Package name : debsbom
> * License : MIT
> debsbom generates SBOMs (Software Bill of Materials) for distributions based on Debian in the two standard formats SPDX and CycloneDX.
> The generated SBOM includes all installed binary packages and also contains Debian Source packages.
awesome! kudos & thank you! <3
Disclaimer: I haven't looked at it yet and *I* don't need it but we have discussed
this for many years already so I'm glad someone/you finally wrote this!
Does it download/include .buildinfo files into the SBOMs?
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
»See to it that you remain human. Being human is the main thing above all.
And that means being firm and clear and cheerful, yes, cheerful, in spite of everything.«
(Rosa Luxemburg)
More information about the Reproducible-builds mailing list