PREREQUISITE: evaluate whether hatch is able to artifact analyzable data.
see pyproject.toml, hatch.toml, any lock files? -- https://hatch.pypa.io/1.9/intro/
TODO: write a roadmap and requirements...
Why not bring the wish/need/topic for CycloneDX SBOM to the @pypa/hatch team themselves, so they could implement it as a CLI tool feature and maintain it as needed?
Nowadays, package managers know that SBOM is a thing; they are waiting for a community request to justify the effort of implementation ;-)
We, the CycloneDX team, have already had good experience with this approach: community members made the first request to the ecosystems, and then we successfully supported the package manager developers and ecosystem maintainers on their way to getting CycloneDX SBOM as a first-party feature.
(see npm and conan2)
If the @pypa/hatch people don't see a need for this topic or don't want to provide the feature themselves, then sure, come back so we can discuss a possible solution implemented in cyclonedx-python/cyclonedx-bom.
PS: the CycloneDX community is proud of its own solutions and implementations that enable ecosystems to do proper supply-chain assessment, and we will continue doing so. We also love to see ecosystems adopting the topic. 🚀
"Hatch is a modern, extensible Python project manager."
see https://hatch.pypa.io