@stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:
@dustinb3403 said in Managing Publicly hosted Linux Servers through Cockpit:
@stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:
@dustinb3403 said in Managing Publicly hosted Linux Servers through Cockpit:
@stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:
There's a big movement now around SBOM with tools like in-toto, SPIFFE/SPIRE, TUF, and a lot more. We are working with gov't clients and they are headed towards requiring SBOM information for each release.
It's been mandated that software now include an SBOM (see my recent post in IT news).
Yeah but that mandate is only for open source (for whatever dumb reason). I'm all for SBOMs for open source software, but it's ignoring the fact that the issue has historically come from closed source software. An SBOM is much less effective when you already have access to 99% of what's included in the product.
Well, it mentions open source specifically, but also targets closed source.
Ah I read the first part. It made it sound like it was only open source.
Not that anyone but the US Government will know what is actually included in any specific closed source software.