Pfendtner Steffen <s.pfendt...@ads-tec.de> [2022-10-18 14:38:56]: Hi,
> We decided to publish our internal fork of the Timesys SBOM Tool we found on > github. You find our version at: https://github.com/ads-tec/sbom-openwrt thanks for sharing! BTW I took that output and drafted first version[1] by extending current image/package metadata handling. Its not finished, not ideal, but looks somehow usable already. Feedback welcome. Hauke Mehrtens <ha...@hauke-m.de> [2022-10-25 00:32:21]: > Nice tool, do you have some "demo" output for a recent OpenWrt release > somewhere? BTW its really quite easy to setup[2] for toying purposes: curl -LO https://dependencytrack.org/docker-compose.yml docker-compose up -d then wait a bit for init and head to http://localhost:8080 > One advantage of uscan from my point of view is that I just have to open a > website to see the results for OpenWrt master and the maintained branches > and do not have to run some scripts and install some tooling myself. In the long term it would be perhaps nice to have DependencyTrack running at sca.openwrt.org, feeded automatically from buildbot. 1. https://github.com/openwrt/openwrt/pull/13800 2. https://docs.dependencytrack.org/getting-started/deploy-docker/#quickstart-docker-compose Cheers, Petr _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
