Generate a Software bill of materials in CI/CD Pipeline #85

Open
vidyambala opened this issue Feb 2, 2022 · 0 comments
@vidyambala (Contributor)
Benefit/Result/Outcome

An SBOM is useful to producers and consumers of software, as it provides software transparency, software integrity, and software identity benefits. Here is a bit about each:

- Software transparency: SBOMs provide a list of ingredients used in the creation of a piece of software, such as open source software, components, and potentially even build tools. This enables producers and consumers to better inventory and evaluate license and vulnerability risk.
- Software integrity: While code signing is still the industry standard for trusting software and its integrity, SBOMs contain package and file checksums to enable consumers to validate the hashes, which can be useful in scenarios when signatures aren't present.
- Software identity: When vulnerabilities (CVEs) are created, they are assigned to a Common Platform Enumeration (CPE) identifier, which can have issues attributing a CPE to a specific piece of software. Software IDs within SBOMs provide a much more accurate way to identify software.

Description

Write a description of how the outcome might be achieved.

Acceptance Criteria

Level of Effort : M-L

Use the T-Shirt sizing "XS, S, M, L, XL, XXL" scale to estimate the level of effort to complete this issue. XS is 1/2 day effort, S is a single day effort, etc.
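The following is an added example, not code from this issue or from the project, illustrating the "software integrity" and "software identity" points above: a CI step can emit a minimal CycloneDX-shaped SBOM whose components carry a package URL (purl) for identity and a SHA-256 hash for integrity, and a consumer can later recompute the hashes and detect a modified or missing artifact. The file names, component names, versions and purls are constructed sample data; the document only uses a subset of CycloneDX fields and is not a substitute for a full SBOM generator.

```python
"""Added example (not part of the issue or project): generate a minimal
CycloneDX-style SBOM with SHA-256 hashes and purls, then verify it.
All file names, component names, versions and purls below are constructed."""
import hashlib
import json
import os
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 so large artifacts do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def generate_sbom(root, components):
    """components: list of (relative_path, name, version, purl).
    Returns a dict shaped like a CycloneDX 1.4 JSON document (subset of fields)."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "version": 1,
        "components": [
            {
                "type": "library",
                "name": name,
                "version": version,
                "purl": purl,  # software identity: a purl rather than a CPE
                "hashes": [{"alg": "SHA-256",
                            "content": sha256_of(os.path.join(root, rel))}],
                # "path" is an assumed property name used to locate the file later
                "properties": [{"name": "path", "value": rel}],
            }
            for rel, name, version, purl in components
        ],
    }


def verify_sbom(root, sbom):
    """Recompute each component's SHA-256 and compare with the recorded value.
    Returns {relative_path: "ok" | "mismatch" | "missing"}."""
    results = {}
    for comp in sbom["components"]:
        rel = next(p["value"] for p in comp["properties"] if p["name"] == "path")
        recorded = next(h["content"] for h in comp["hashes"] if h["alg"] == "SHA-256")
        path = os.path.join(root, rel)
        if not os.path.exists(path):
            results[rel] = "missing"
        elif sha256_of(path) == recorded:
            results[rel] = "ok"
        else:
            results[rel] = "mismatch"
    return results


def demo():
    """Create constructed artifacts, generate the SBOM, then tamper with one
    file and delete another before re-verifying.
    Returns (sbom, results_before, results_after)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "lib"))
        files = {
            "lib/core.js": "module.exports = { version: '1.3.0' };\n",
            "lib/util.js": "module.exports = {};\n",
            "lib/extra.js": "module.exports = null;\n",
        }
        for rel, body in files.items():
            with open(os.path.join(root, rel), "w") as f:
                f.write(body)
        comps = [
            ("lib/core.js", "example-core", "1.3.0", "pkg:npm/example-core@1.3.0"),
            ("lib/util.js", "example-util", "0.1.0", "pkg:npm/example-util@0.1.0"),
            ("lib/extra.js", "example-extra", "2.0.0", "pkg:npm/example-extra@2.0.0"),
        ]
        sbom = generate_sbom(root, comps)
        before = verify_sbom(root, sbom)
        # Simulate a post-build modification of one dependency and loss of another
        with open(os.path.join(root, "lib/util.js"), "a") as f:
            f.write("// injected after the SBOM was produced\n")
        os.remove(os.path.join(root, "lib/extra.js"))
        after = verify_sbom(root, sbom)
        return sbom, before, after


if __name__ == "__main__":
    bom, before, after = demo()
    print(json.dumps(bom, indent=2))
    print("before tampering:", before)
    print("after tampering: ", after)
```

In a pipeline the generation half runs once at build time and the SBOM is published next to the artifact; the verification half runs wherever the artifact is consumed. The hashes only prove that the files match what the SBOM recorded, not that the SBOM itself is authentic, so the SBOM should still be signed or fetched over a trusted channel.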
