Re: Software Bill of Materials (SBOM) anyone?
From: Valentin Gagarin
Subject: Re: Software Bill of Materials (SBOM) anyone?
Date: Tue, 7 May 2024 18:25:45 +0200
User-agent: Mozilla Thunderbird

> Has anybody created Software Bill of Materials (SBOM) files before?

There's a Nix package: https://search.nixos.org/packages?show=gnunet

Which means you can either use built-in tools to display the set of Nix
derivations that go into that:

Install Nix:

    curl -L https://nixos.org/nix/install | sh -s -- --daemon

Build GNUnet locally (may take a while):

    storePath=$(nix-build '<nixpkgs>' -I nixpkgs=channel:nixpkgs-unstable -A gnunet --no-out-link)

Display the dependency graph:

    nix-store --query --tree $storePath

Draw the graph:

    nix-shell -p graphviz --run "nix-store --query --graph $storePath | dot -Tpng > deps.png"

Or use an external tool. Genealogos
(https://github.com/tweag/genealogos) promises to output a CycloneDX
compliant format (may take another while):

    nix run --extra-experimental-features "flakes nix-command" github:tweag/genealogos -- nixpkgs#gnunet
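
An added example, not part of the original message and not GNUnet or Genealogos code: a sketch of how the flat closure listing from `nix-store --query --requisites` (a query flag not used in the message) can be turned into a minimal CycloneDX-style component list. The sample store paths are constructed, the name/version split is a heuristic, and the choice of `bom-ref` and component type are assumptions of this example.

```python
import json
import re

# Constructed sample of `nix-store --query --requisites "$storePath"` output;
# the hashes and versions are made up for illustration.
SAMPLE_REQUISITES = """\
/nix/store/0123456789abcdfghijklmnpqrsvwxyz-glibc-2.39-52
/nix/store/1123456789abcdfghijklmnpqrsvwxyz-libidn2-2.3.7
/nix/store/2123456789abcdfghijklmnpqrsvwxyz-openssl-3.0.13-dev
/nix/store/3123456789abcdfghijklmnpqrsvwxyz-gnunet-0.21.1
/nix/store/4123456789abcdfghijklmnpqrsvwxyz-source
warning: this line is not a store path
"""

# /nix/store/<32-character hash>-<name>
STORE_PATH = re.compile(r"/nix/store/[0-9a-z]{32}-(.+)")
# Heuristic: the name ends at the first dash that is not followed by a letter.
NAME_VERSION = re.compile(r"(.+?)-(?![A-Za-z])(.+)")


def parse_store_path(path):
    """Turn one store path into a component dict, or None if it is not one."""
    path = path.strip()
    m = STORE_PATH.fullmatch(path)
    if m is None:
        return None
    nv = NAME_VERSION.fullmatch(m.group(1))
    name, version = nv.groups() if nv else (m.group(1), None)
    # Assumption: every closure member is recorded as a "library" component.
    component = {"type": "library", "name": name, "bom-ref": path}
    if version:
        component["version"] = version  # may carry an output suffix such as -dev
    return component


def to_bom(requisites_text):
    """Build a minimal CycloneDX-style document from a requisites listing."""
    components, seen = [], set()
    for line in requisites_text.splitlines():
        component = parse_store_path(line)
        if component and component["bom-ref"] not in seen:
            seen.add(component["bom-ref"])
            components.append(component)
    return {"bomFormat": "CycloneDX", "specVersion": "1.5",
            "version": 1, "components": components}


if __name__ == "__main__":
    print(json.dumps(to_bom(SAMPLE_REQUISITES), indent=2))
```

The output lists only runtime closure members by store path; it carries no licenses, hashes of sources, or build-time dependencies.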