The Evolution of SBOMs in AlmaLinux

Explore the evolution of Software Bill of Materials (SBOMs) in AlmaLinux through this informative 30-minute conference talk by Matthias Kruk from Cybertrust Japan Co., Ltd. Gain insights into AlmaLinux's year-long journey of providing SBOMs for every released package, focusing on the build system's role in storing package metadata and the SBOM generation tool's function in creating SBOMs. Learn about Cybertrust Japan's contribution to adding SPDX support to the SBOM generator and the challenges faced in meeting NTIA's Minimum Elements requirements for supplying software to the US government. Discover the investigation process for collecting necessary data and implementing changes to the build system and database schema. While centered on AlmaLinux, understand how these lessons apply broadly to all RPM-based Linux distributions, providing valuable knowledge for software developers and system administrators working with Linux ecosystems.

The Evolution of SBOMs in AlmaLinux - Matthias Kruk, Cybertrust Japan Co., Ltd.