09-25, 16:30–16:55 (Europe/Berlin), Main Hall
While software bills of materials (SBOMs) are becoming increasingly valuable for building trust in the software supply chain, generating high-quality SBOMs still poses challenges in some ecosystems because of missing tooling or inaccessible build metadata. In this talk, I'll explain and demonstrate how the static dependency graph of functional package managers like Nix can be leveraged to generate very precise SBOMs that remain relevant when running a service on any Linux distribution, thanks to systemd portable services.
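To make the idea concrete, here is an added example (written for this page, not code from the talk or its speaker) that turns a Nix runtime closure into a minimal SPDX-style SBOM. It assumes the closure is given in the shape of `nix path-info --recursive --json` output (a list of store paths, each with its `narHash` and `references`); the store hashes and package names below are constructed placeholders, not real store paths. Besides emitting packages and DEPENDS_ON relationships, it drops Nix's common self-references and includes a completeness check so that a closure with dangling references is never turned into a misleadingly "complete" SBOM.

```python
import json
import re

# Constructed sample modelled on `nix path-info --recursive --json` output.
# Hashes are placeholders (32 base32-looking chars), not real store paths.
ROOT = "/nix/store/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-myservice-1.2.0"
SAMPLE_CLOSURE = json.dumps([
    {"path": ROOT,
     "narHash": "sha256-PLACEHOLDER0",
     "references": ["/nix/store/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb-openssl-3.0.12",
                    "/nix/store/cccccccccccccccccccccccccccccccc-glibc-2.38-27"]},
    {"path": "/nix/store/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb-openssl-3.0.12",
     "narHash": "sha256-PLACEHOLDER1",
     # Nix store paths frequently reference themselves; the SBOM must skip that.
     "references": ["/nix/store/cccccccccccccccccccccccccccccccc-glibc-2.38-27",
                    "/nix/store/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb-openssl-3.0.12"]},
    {"path": "/nix/store/cccccccccccccccccccccccccccccccc-glibc-2.38-27",
     "narHash": "sha256-PLACEHOLDER2",
     "references": ["/nix/store/cccccccccccccccccccccccccccccccc-glibc-2.38-27"]},
])

STORE_PATH_RE = re.compile(r"^/nix/store/([0-9a-z]{32})-(.+)$")


def split_name_version(drv_name: str) -> tuple:
    """Split 'glibc-2.38-27' into ('glibc', '2.38-27'), following Nix's rule
    that the version starts at the first dash followed by a digit."""
    m = re.search(r"-(?=[0-9])", drv_name)
    if m is None:
        return drv_name, ""
    return drv_name[:m.start()], drv_name[m.end():]


def parse_store_path(path: str) -> tuple:
    """Return (hash, name, version) for a /nix/store path; raise on junk input."""
    m = STORE_PATH_RE.match(path)
    if m is None:
        raise ValueError(f"not a Nix store path: {path}")
    name, version = split_name_version(m.group(2))
    return m.group(1), name, version


def spdx_id(path: str) -> str:
    # The store hash is unique per output and uses only [0-9a-z], so it is a
    # valid and stable SPDX identifier suffix.
    return "SPDXRef-" + parse_store_path(path)[0]


def missing_references(closure_json: str) -> list:
    """Completeness check: every referenced path must itself be in the closure.
    Returns a list of (path, dangling_reference) pairs; empty means complete."""
    entries = json.loads(closure_json)
    known = {e["path"] for e in entries}
    return sorted((e["path"], r) for e in entries
                  for r in e["references"] if r not in known)


def closure_to_sbom(closure_json: str, root_path: str) -> dict:
    """Build an SPDX 2.3-shaped document from a Nix closure listing."""
    dangling = missing_references(closure_json)
    if dangling:
        raise ValueError(f"closure is incomplete: {dangling}")
    by_path = {e["path"]: e for e in json.loads(closure_json)}
    if root_path not in by_path:
        raise ValueError("root is not part of the closure")

    packages = []
    relationships = [{"spdxElementId": "SPDXRef-DOCUMENT",
                      "relationshipType": "DESCRIBES",
                      "relatedSpdxElement": spdx_id(root_path)}]
    for path in sorted(by_path):  # sorted => deterministic, diffable output
        _, name, version = parse_store_path(path)
        packages.append({
            "SPDXID": spdx_id(path),
            "name": name,
            "versionInfo": version,
            "downloadLocation": "NOASSERTION",
            # narHash covers the NAR serialisation of the whole output, not a
            # single file, so it is recorded as a comment rather than a checksum.
            "comment": f"store path {path}; narHash {by_path[path]['narHash']}",
        })
        for ref in sorted(set(by_path[path]["references"])):
            if ref == path:
                continue  # self-reference, not a dependency
            relationships.append({"spdxElementId": spdx_id(path),
                                  "relationshipType": "DEPENDS_ON",
                                  "relatedSpdxElement": spdx_id(ref)})
    return {"spdxVersion": "SPDX-2.3", "dataLicense": "CC0-1.0",
            "SPDXID": "SPDXRef-DOCUMENT",
            "name": f"sbom-{parse_store_path(root_path)[1]}",
            "packages": packages, "relationships": relationships}


if __name__ == "__main__":
    print(json.dumps(closure_to_sbom(SAMPLE_CLOSURE, ROOT), indent=2))
```

Because Nix records the exact set of store paths a build output refers to, the relationships above reflect what the service actually links against at runtime rather than what a manifest declares; that is the precision the abstract refers to, and it is also why a dangling reference (a closure copied without one of its paths) should fail loudly instead of producing a partial SBOM.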
PhD student on software supply chain at Télécom Paris during the day, NixOS contributor at night.