Also generate SPDX SBOM #48

Open
opened 12 months ago by max.mehl · 0 comments
Owner

A potential feature could be that we run `reuse spdx` after each lint, and offer this file (so an SPDX software bill of materials) for download on the info page.

This may slightly increase load on our worker machine, and some extra traffic on api.reuse.software. But since it's plain text, that will probably be marginal.

A challenge would be to somehow get the SBOM to the API, and find a clever way to store it there. Right now, we only take the lint output (so basically the output via SSH and its exit code).

Accessing the SBOM from the database may be easiest and most secure, but also the most performant?

max.mehl added the enhancement label 12 months ago