Add structured SBOM (Software Bill of Materials) generation #3

@shotwellj

Summary

Generate CycloneDX or SPDX SBOMs for every release, covering both the Go gateway binary and the Python service dependencies. This strengthens the compliance story and is increasingly required for enterprise adoption.

Acceptance Criteria

  • SBOM generated automatically in CI on release tags
  • Covers Go modules (gateway, OTel processors) and Python packages (SDK, Episode Store, Policy Engine)
  • Published as release artifacts alongside binaries

Milestone

v0.2.0
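
A CI gate for the coverage criterion above, as an added example that is not part of the original issue or the project's code: it checks that a CycloneDX JSON SBOM contains both Go (`pkg:golang/`) and Python (`pkg:pypi/`) components and lists libraries that carry no package URL. The function names and the sample BOM are constructed for illustration.

```python
import json

# Constructed sample SBOM (CycloneDX JSON); component names and versions are illustrative.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "application", "name": "gateway", "components": [
            {"type": "library", "name": "go.opentelemetry.io/otel", "version": "1.0.0",
             "purl": "pkg:golang/go.opentelemetry.io/otel@v1.0.0"},
        ]},
        {"type": "library", "name": "requests", "version": "2.0.0",
         "purl": "pkg:pypi/requests@2.0.0"},
        {"type": "library", "name": "unlabelled-lib", "version": "0.1.0"},
    ],
})

REQUIRED_ECOSYSTEMS = {"golang", "pypi"}  # purl types for Go modules and Python packages


def walk(components):
    """Yield every component, including nested ones."""
    for comp in components or []:
        yield comp
        yield from walk(comp.get("components"))


def check_coverage(bom_text, required=REQUIRED_ECOSYSTEMS):
    """Return (missing_ecosystems, libraries_without_purl) for a CycloneDX JSON BOM."""
    bom = json.loads(bom_text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX JSON document")
    seen, no_purl = set(), []
    for comp in walk(bom.get("components")):
        purl = comp.get("purl", "")
        if purl.startswith("pkg:") and "/" in purl:
            # purl layout is pkg:<type>/<namespace>/<name>@<version>
            seen.add(purl[4:].split("/", 1)[0].lower())
        elif comp.get("type") == "library":
            no_purl.append(comp.get("name", "<unnamed>"))
    return sorted(required - seen), no_purl


if __name__ == "__main__":
    missing, no_purl = check_coverage(SAMPLE_BOM)
    print("missing ecosystems:", missing)
    print("libraries without purl:", no_purl)
    raise SystemExit(1 if missing else 0)
```

Run against the SBOM produced on a release tag, a non-zero exit fails the job when one ecosystem is absent from the document.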

Labels

  • enhancement: New feature or request
  • help wanted: Extra attention is needed
  • roadmap: Planned feature — not yet started
