k8-sig's BOM #7170
-
|
Hi, I wanted to ask about the functionality relationship between ORT and https://github.com/kubernetes-sigs/bom:
Thanks. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Looks like the So bottom line, |
Beta Was this translation helpful? Give feedback.
-
|
Thanks, you might want to update #1833 (comment) then. |
Beta Was this translation helpful? Give feedback.
Looks like the
bomtool basically accepts two types of input: containers and directories / files. Only if the directory happens to contain a Go module, package-level dependencies are determined. I.e.bomcompletely lacks ORT's package-manager support. If the directory is not a Go module, its files are being listed as part of the SPDX BOM.So bottom line,
bomrather seems to complement ORT than offering the same functionality, and eventuallybomcould be used to implement #1833.