FOSDEM 2026

"C/C++ Build-time SBOMs with pkgconf" ( 2026 )

Sunday at 15:30, 30 minutes, UD2.208 (Decroly), UD2.208 (Decroly), SBOMS and supply chains Ariadne Conill , slides , video

Build-time SBOMs for traditional C/C++ applications have historically been difficult to generate. To improve this situation, we have been extending pkgconf to support generating high-quality build-time SBOMs, as the pkg-config database already understands all of the build dependency relationships needed for a build-time SBOM. This talk is intended to be a walk through using the new pkgconf 3.x SBOM tools to generate a high quality build-time SBOM for a project.

2026

0.57 "Enhancing Swift’s Supply Chain Security: Build-time SBOM Generation in Swift Package Manager"
0.53 "Describing Nix closures using SBOMs"
0.53 "Generating SBoMs for BuildStream projects"
0.52 "How to create the SBOM for the Linux kernel"
0.51 "LibreOffice and Collabora Online - how we managed to automate SBOM generation for a large legacy project"
0.50 "SBOMs for Embedded Firmware: The Zephyr RTOS Case Study"

2025

0.58 "Struggles with making SBOMs for C apps"
0.52 "Lessons learned from integrating SBOM in a supply chain"

2024

0.52 "12 months of SBOMs - an experience report"
0.50 "SBOMs that you can trust - the good, the bad, and the ugly"

Related: