Re: LFN TAC Meeting Minutes, Feb. 10, 2021
I added it to the parent pom.xml for one of the ONAP repo’s and did a test run
quite intensive (saturated 1 cpu core for 5 minutes or so – single threaded ? )
Not sure if there are other tools being used in Opensource for SBOM generation but the xml and json format of the data seems like it would be the kind of electronic format that could be provided with packaged software for those organizations that require SBOM tracking.
We also have python code in a lot of projects so not sure how an SBOM would be created for that.
I think this allows us to publish our dependencies so someone could quickly determine if we were affected by an attack on someone else.
I don’t think this would prevent an attack on our code would it ?
From: lfn-tac@... <lfn-tac@...> On Behalf Of Jason Hunt
Sent: Thursday, February 11, 2021 4:20 PM
Subject: Re: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021
Thanks Robert for the input. What do other TAC members (and, in particular, project leads) think?