I’m just looking into SBOM creation for a project I work on at LF AI & Data.
I’ve seen some LF posts around sbomx, SPDX SBOMs & tooling, such as GitHub - opensbom-generator/spdx-sbom-generator: Support CI generation of SBOMs via golang tooling.
Is there a thought that in future, support for this tool/SBOMs might feature as part of the LFX analysis/security environment? I’m thinking in terms of reporting, analysis?
Or indeed support for CycloneDX, which seems to have more (or perhaps, different) tooling options?