sbomnix
community
sbomnix | community | |
---|---|---|
1 | 1 | |
97 | 13 | |
- | - | |
8.8 | 3.3 | |
about 1 month ago | about 2 months ago | |
Python | ||
- | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
sbomnix
-
Wolfi: A community Linux OS designed for the container and cloud-native era
I'm not sure what you mean by "non-trivial" but here's a simple discord bot I wrote in python, that I distribute as an OCI image and that is built with Nix for both x86_64 and aarch64 linux via GitHub actions: https://github.com/starcraft66/attention-attention
There is no SBOM because I didn't bother publishing one but the way Nix builds derivations, you basically get the SBOM for free. You could use a tool like sbomnix[1] to trivially generate an SPDX-format SBOM from the nix derivation that builds the container image.
1: https://github.com/tiiuae/sbomnix
community
-
Wolfi: A community Linux OS designed for the container and cloud-native era
You're welcome to join the regular community meeting: https://github.com/wolfi-dev/community
We do fully intend for wolfi to be a community project, but it will take some time. We do say on the home page:
>What are the plans for long-term Wolfi governance?
What are some alternatives?
cyclonedx-core-java - CycloneDX SBOM Model and Utils for Creating and Validating BOMs
images - Public Chainguard Images
attention-attention - Attention! Attention!
os - Main package repository for production Wolfi images
pipeline - A cloud-native Pipeline resource.
vulnerabilities - :rocket: A vulnerabilities database for fully-automated audits
parlay - Enrich SBOMs with data from third party services