Phoronix is a leading source for Linux hardware reviews, benchmarking, and open-source news. With  performance analysis, hardware testing, and coverage of the latest developments in the Linux ecosystem, Phoronix provides  insights for Linux enthusiasts, developers, and system administrators, helping them make informed decisions about hardware compatibility, performance optimization, and software selection.

Phoronix

A proposed patch for the Linux kernel introduces an SPDX SBOM generation tool that creates three JSON documents describing build outputs, source files with licensing information, and the build process linking them together. The optional tool, enabled via CONFIG_SBOM, runs after the build and reconstructs the dependency graph from kernel images and modules back to source files using Kbuild's .cmd files. This aims to improve software supply chain transparency, license compliance, and vulnerability management.

SPDX SBOM Generation Tool Proposed For The Linux Kernel