Hey everyone! I'm reaching out to those of you who work on embedded projects, especially with deadlines coming up for the CRA. I'm curious about how you generate your SBOMs (Software Bill of Materials) in these setups. I came across this tool called cdxgen, but for my current project, it seems pretty limited. Often, these projects don't use proper package management and rely on submodules or even random files downloaded with curl instead of managed methods like fetching content. I'm guessing that's a common issue, as managing dependencies can be tough without tools like Conan. How do you handle this in your projects? I'd love to hear your experiences and solutions. Cheers!
2 Answers
It really depends on the tools you're using. I know both NexusIQ and GitLab have the capability to generate SBOMs, if that helps!
Yeah, embedded setups can get really messy when it comes to SBOMs. Most of the time, people end up combining different tools with custom scripts to handle things like submodules, curl downloads, and all those odd paths. Fully automating the process rarely works right out of the box. It tends to be more about creating a solid pipeline instead of just relying on one tool. You might even want to look into solutions like Runable or Claude to set things up nicely instead of patching together all sorts of fixes.
Related Questions
How To: Running Codex CLI on Windows with Azure OpenAI
Set Wordpress Featured Image Using Javascript
How To Fix PHP Random Being The Same
Why no WebP Support with Wordpress
Replace Wordpress Cron With Linux Cron
Customize Yoast Canonical URL Programmatically