I discovered seL4 at a conference I’m currently attending and it looks really interesting. Seems it would play nicely with usecases proposed around SBOMs (software bill of materials) at https://www.ntia.gov/sbom. Any possibility a cycloneDX (or SWID or SPDX) SBOM has been created for any version of seL4, or better yet that it is built into the build process? If so, I’d like to include in the corpus being built up by that group. If not, would anyone consider add SBOM as a feature?
will generate a full bill of materials. The
reuse tool is available from GitHub - fsfe/reuse-tool: The tool for checking and helping with compliance with the REUSE recommendations
The same is now true for the other repositories under the seL4 GitHub organisation, i.e. the libraries and component platform on top of seL4 that the seL4 foundation provides. The SPDX information is checked as part of the build process, i.e. all repositories should be compliant and be able to generate that bill of materials.