What would you like to be added?
I'd like to contribute SBOM generation to the release process of this project in both cyclonedx and spdx formats.
I'm part of https://github.com/CISA-SBOM-Community/SBOM-Generation thats building reference implementations for "good" SBOM generation and we thought etcd would be a great candidate.
Why is this needed?
SBOMs are becoming a common part of software releases because they provide insight into what dependencies are used in a project. This allows better vulnerability management.
What would you like to be added?
I'd like to contribute SBOM generation to the release process of this project in both cyclonedx and spdx formats.
I'm part of https://github.com/CISA-SBOM-Community/SBOM-Generation thats building reference implementations for "good" SBOM generation and we thought etcd would be a great candidate.
Why is this needed?
SBOMs are becoming a common part of software releases because they provide insight into what dependencies are used in a project. This allows better vulnerability management.