I think the only large projects that presently take SBOMs seriously are Nix, Guix, and Go (non-cgo). Bootstrapping is non-trivial, but at least builds are reproducible and can be compared against existing binaries.
"Oh, just write plain C". Which compiler do you mean? GCC? LLVM/clang? On top of what OS/kernel? What firmware? Etc.
rollcat|9 months ago
"Oh, just write plain C". Which compiler do you mean? GCC? LLVM/clang? On top of what OS/kernel? What firmware? Etc.
Arnavion|9 months ago