Dear team,

Dear Team,

Some of our clients are demanding that we provide them with a SBOM (see https://en.wikipedia.org/wiki/Software_supply_chain) for our software. We are thus examining our dependencies in consequence to understand if they provide a SBOM so that we can assemble a SBOM covering the entirety of our software stack.

Could you let me know if you provide a SBOM for Prince, in any format?

Thanks in advance,

Best wishes,
Nicolas Ojeda Bar

The libraries used by Prince are listed in the documentation:

https://www.princexml.com/doc/acknowledgements/

They are also listed when you run "prince --credits".

Thanks for the quick response. Just to confirm: you do not currently provide a machine-readable SBOM file in a standard format such as SPDX or CycloneDX?

Kind regards,
Nicolas

Not yet no, I will add this to the roadmap.