FOSDEM 2026

"Generating SBoMs for BuildStream projects" ( 2026 )

Sunday at 16:30, 30 minutes, UD2.208 (Decroly), UD2.208 (Decroly), SBOMS and supply chains Abderrahim Kitouni , video

BuildStream is a software integration tool that allows building software aggregated from multiple sources in a single pipeline to produce a final output. This final output could be a container image, an operating system image or anything that you can write a plugin for.

In this talk, I present buildstream-sbom. It's a tool that extracts information from a BuildStream project and uses it to generate an SPDX-formatted SBoM. I also discuss the issues that I had translating from BuildStream concepts to SPDX.

2026

0.56 "Enhancing Swift’s Supply Chain Security: Build-time SBOM Generation in Swift Package Manager"
0.55 "How to create the SBOM for the Linux kernel"
0.54 "Deutsche Bahn's Approach to Large-Scale SBOM Collection and Use"
0.53 "The day in a life of a SBOM"
0.53 "A semantic framework for modelling and analysing supply chains through SBOMs"
0.53 "C/C++ Build-time SBOMs with pkgconf"
0.52 "CRA-Ready SBOMs: A Practical Blueprint for High-Quality Generation"

2025

0.54 "Lessons learned from integrating SBOM in a supply chain"
0.52 "A retrospective on Google’s SBOM implementation"

2024

0.53 "12 months of SBOMs - an experience report"

Related: