Pinned

1. Post-modern Linux packaging: additio...

   1

   # Post-modern Linux packaging: additional reading

   2

   3

   ## Summary

   4

   5

   This document compiles 2018 coverage around post-modern packaging technologies for Linux, including packaging formats like Snaps and Flatpaks, systems like Nix and Guix and full distros such as Atomic or Clear Linux.

2. apt-sbom.md

   1

   # Conceptual SBOM model for an APT-based Linux distribution

   2

   3

   This is a draft of an entirely exploratory learning exercise to generate SBOMs from first principles that can accompany an APT-based Linux distribution, which in this context is either a disk or a container image obtained from any source including runtime instances, packaged images, debootstraps, etc. Input and comments welcome: [Twitter](https://twitter.com/bureado) and also on the CNCF, CycloneDX, CDF, Sigstore and other Slacks.

   4

   5

   ## Status

3. AevaOnline/supply-chain-synthesis Public

   Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.

   17 1

4. awesome-software-supply-chain-security Public

   A compilation of resources in the software supply chain security domain, with emphasis on open source

   27