In light of the increasing importance of supply chain security, obtaining detailed and accurate Software Bills of Materials (SBOMs) for software images is fundamentally important. In this talk, we will present a tool called SBOM Resolver which generates detailed SBOMs for Alpine software images. It specifically leverages metadata from the Alpine package management system to resolve all dependencies of a list of desired packages and enhances the resulting SBOM with additional information such as patches applied by the Alpine community.
The current implementation is specific to Alpine; however, this presentation aims to introduce the key concepts and, based on those, start a discussion of how to apply SBOM Resolver to other distributions.
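To make the dependency-resolution step concrete, here is an added example (not the SBOM Resolver tool's own code) that walks a constructed APKINDEX-style fragment, follows package and `so:` provides dependencies transitively, and emits SBOM-style components with apk package URLs; the package names, versions and field layout are assumptions for illustration.

```python
import re
from collections import deque

# Constructed APKINDEX-style fragment (not real Alpine data). Fields used:
# P = package name, V = version, D = dependencies, p = provides (e.g. so: entries).
SAMPLE_APKINDEX = """\
P:myapp
V:1.0.0-r0
D:libfoo>=2.0 so:libc.musl-x86_64.so.1

P:libfoo
V:2.1.0-r1
D:musl

P:musl
V:1.2.4-r2
p:so:libc.musl-x86_64.so.1=1
"""

def parse_apkindex(text):
    """Parse blank-line separated records into {name: {version, depends, provides}}."""
    packages = {}
    for block in text.strip().split("\n\n"):
        fields = dict(line.split(":", 1) for line in block.splitlines() if ":" in line)
        packages[fields["P"]] = {
            "version": fields.get("V", ""),
            "depends": fields.get("D", "").split(),
            # "so:libc.musl-x86_64.so.1=1" -> "so:libc.musl-x86_64.so.1"
            "provides": [p.split("=")[0] for p in fields.get("p", "").split()],
        }
    return packages

def resolve(packages, wanted):
    """Return sorted 'name-version' strings for wanted packages and all transitive deps."""
    provides = {prov: name for name, meta in packages.items() for prov in meta["provides"]}
    seen, queue = set(), deque(wanted)
    while queue:
        dep = queue.popleft()
        name = re.split(r"[<>=~]", dep, maxsplit=1)[0]  # drop constraint: libfoo>=2.0 -> libfoo
        name = provides.get(name, name)                  # map so:/cmd: provides to the provider
        if name in seen:
            continue
        if name not in packages:
            raise KeyError(f"unresolved dependency: {dep}")  # missing deps must not be silently dropped
        seen.add(name)
        queue.extend(packages[name]["depends"])
    return sorted(f"{n}-{packages[n]['version']}" for n in seen)

def to_components(packages, wanted):
    """SBOM-style component list with apk package URLs for the resolved closure."""
    return [{"name": n, "version": packages[n]["version"],
             "purl": f"pkg:apk/alpine/{n}@{packages[n]['version']}"}
            for n in sorted(n for n in packages if f"{n}-{packages[n]['version']}" in resolve(packages, wanted))]
```

Feeding a real APKINDEX would additionally require handling architecture fields, conflict (`!`) entries and `cmd:` provides, which this example omits.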
Speakers: Georg Kunz