Auto generate an SBOM?

Metadata

Project: charmcraft
Number: #1013
Type: issue
State: open
Author: sed-i
Labels:
Created: 2023-02-03 17:18:46+00:00
Updated: 2023-02-03 17:18:46+00:00
Closed:

Current evaluation

No evaluation has been recorded for this issue yet.

Issue body

There is a potential threat from pip packages vendored at `pack` time. Would it make sense, to ease the scanning effort, to auto-generate an SBOM? On the other hand, `*.charm` could be manually modified between pack and upload, so perhaps it's a charmhub concern?

Evaluation history

No evaluation history available.