Also generate SPDX SBOM #48

Closed
opened 2021-07-20 14:58:43 +00:00 by max.mehl · 0 comments
Owner

A potential feature could be that we run `reuse spdx` after each lint, and offer this file (so an SPDX software bill of materials) for download on the info page.

This may slightly increase load on our worker machine, and some extra traffic on api.reuse.software. But since it's plain text, that will probably be marginal.

A challenge would be to somehow get the SBOM to the API, and find a clever way to store it there. Right now, we only take the lint output (so basically the output via SSH and its exit code).

Accessing the SBOM from the database may be easiest and most secure, but also the most performant?

max.mehl added the enhancement label 2021-07-20 14:58:43 +00:00
Reference: reuse/api#48