Calls: Send in your ideas. Deadline April 1, 2024
Grant
Theme fund: NGI0 Entrust
Start: 2023-02
More projects like this
Operating Systems

Genealogos

Nix to SBOM generator targeting the CycloneDX format

With the increasing importance of understanding the software supply chain, both for security and legal purposes, it has become necessary to provide users, administrators, and developers with an accurate picture of what's in the software they use. Like with any bookkeeping task, doing that manually is cumbersome and hard to keep up to date. The better course of action is to use the information encoded within functional package management tools like Nix. With Genealogos you can generate a compliance-ready CycloneDX Software Bill of Materials (SBOM) for any package available in the nixpkgs repository or in fact from any nix flake -- and automatically keep it up to date.

  • The project's own website:

Run by Tweag

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.