Hei!
I'm not often here, but Tux was kind enough to notify me. :-)
It's true there's not much happening on CPAN regarding SBOMs. Ovid quickly put together the initial bits of a CycloneDX parser last year, but no-one has volunteered to pick it up and take it further yet.
I've been focusing on figuring out the actual ecosystem consequences of the EU Cyber Resilience Act, and while there's still a bunch of work left, it's starting to look pretty decent. I've even put together a reading list ; and a glossary – to help me (and anyone else who cares) get an overview of the landscape.
If anyone would like to help make something happen in this regard, I'm happy to share all I know! Please reach out ASAP, as there is a LOT that needs to be in place quite soon, if this isn't going to become a massive headache.
I'll also be in Vienna for the Open Source Summit Europe in a few weeks, and at the London Perl Workshop in October where I'll share some of the ongoings.
Please reach out if you'd like to meet up and chat! :)
With that said, CPANSec has waaay to few people volunteering, so if this topic is near to your heart, please volunteer! You can find all you need on the CPANSec website: https://security.metacpan.org/
— Salve J. Nilsen
In reply to Re: Software Bill of Materials (SBOM) in Perl and CPAN
by sjn
in thread Software Bill of Materials (SBOM) in Perl and CPAN
by mldvx4
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |