PEP 770 was accepted in April of this year. What has happened since then?

* Published a white paper on PEP 770 and phantom dependencies
* Auditwheel, manylinux, and cibuildwheel adoption
* Over 300 projects already ship with PEP 770 SBOM data
* Fedora and Red Hat adopted PEP 770 for Python packages

Read more: https://sethmlarson.dev/pep-770-sbom-data-from-pypi-fedora-and-redhat

#Python #SBOM #CycloneDX #SPDX #auditwheel #cibuildwheel

PEP 770 Software Bill-of-Materials (SBOM) data from PyPI, Fedora, and Red Hat

This year I authored PEP 770 which proposed a new standardized location for Software Bill-of-Materials (SBOM) data within Python wheel archives. SBOM data can now be stored in (package)-(version).d...
