Playlist "All Systems Go! 2024"

Portable software bills of materials with Nix and systemd portable services

Julien Malka

While software bills of materials (SBOMs) are becoming increasingly valuable for furthering trust in the software supply chain, generating high-quality SBOMs still poses challenges in some ecosystems due to the lack of proper tooling or accessible build metadata. In this talk, I'll explain and demonstrate how we can leverage the static dependency graph of functional package managers like Nix to generate very precise SBOMs that can be relevant for running a service on any Linux distribution thanks to systemd portable services.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/