Organisations and developers increasingly need to know exactly what is in the software they depend on. SBOMs (Software Bills of Materials) are the standard answer: a machine-readable inventory of a package's components and their dependencies. RubyGems.org currently has no native SBOM support: maintainers cannot publish an SBOM with a gem, and consumers have no way to retrieve one from the registry.
This initiative adds SBOM support to the RubyGems ecosystem, giving maintainers a way to publish SBOMs alongside gem releases, and giving consumers and automated tooling a way to access them.
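To make "machine-readable inventory of a package's components and dependencies" concrete, here is an added example that is not part of this initiative or of RubyGems' own code. It parses the specs section of a Gemfile.lock (a constructed sample, not a real gem) into a minimal CycloneDX 1.5 document using Package URLs (pkg:gem/name@version) as component references, and then shows the consumer side: walking the SBOM's dependency graph to list everything a component pulls in transitively. The choice of CycloneDX and purl identifiers is an assumption; the page does not name a format.

```ruby
require "json"

# Constructed sample Gemfile.lock for illustration only (not a real gem).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (3.0.8)
      rack-session (2.0.0)
        rack (>= 3.0.0)
      example-app (1.2.3)
        rack-session (~> 2.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    example-app

  BUNDLED WITH
     2.5.3
LOCK

# Parse the "specs:" block(s) of a Gemfile.lock into
# { name => { version: "x.y.z", deps: [dependency names] } }.
# Resolved gems are indented 4 spaces, their dependencies 6 spaces.
def parse_lock_specs(lock_text)
  specs = {}
  current = nil
  in_specs = false
  lock_text.each_line do |line|
    if line =~ /^  specs:/
      in_specs = true
      next
    end
    # A blank line or a new top-level section (GEM, PLATFORMS, ...) ends the block
    if in_specs && (line.strip.empty? || line =~ /^[A-Z]/)
      in_specs = false
      current = nil
      next
    end
    next unless in_specs
    if (m = line.match(/^    (\S+) \(([^)]+)\)\s*$/))
      current = m[1]
      specs[current] = { version: m[2], deps: [] }
    elsif current && (m = line.match(/^      (\S+)/))
      specs[current][:deps] << m[1]
    end
  end
  specs
end

# Build a minimal CycloneDX 1.5 SBOM (as a Hash) for the gem `root_name`.
# Every component is identified by a purl, and the dependency graph is
# expressed as purl refs. Gemfile.lock lists every resolved dependency in
# specs, so each name referenced here has a known version.
def build_sbom(root_name, specs)
  root = specs.fetch(root_name)
  purl = ->(name) { "pkg:gem/#{name}@#{specs.fetch(name)[:version]}" }
  components = specs.keys.sort.reject { |n| n == root_name }.map do |name|
    { "type" => "library", "name" => name, "version" => specs[name][:version],
      "purl" => purl.call(name), "bom-ref" => purl.call(name) }
  end
  dependencies = specs.keys.sort.map do |name|
    { "ref" => purl.call(name), "dependsOn" => specs[name][:deps].sort.map(&purl) }
  end
  {
    "bomFormat" => "CycloneDX",
    "specVersion" => "1.5",
    "version" => 1,
    "metadata" => {
      "component" => { "type" => "library", "name" => root_name,
                       "version" => root[:version],
                       "purl" => purl.call(root_name), "bom-ref" => purl.call(root_name) }
    },
    "components" => components,
    "dependencies" => dependencies
  }
end

# Consumer side: breadth-first walk over the SBOM's dependency graph,
# returning the sorted purls that `ref` depends on transitively.
def transitive_deps(sbom, ref)
  graph = sbom["dependencies"].to_h { |d| [d["ref"], d["dependsOn"]] }
  seen = []
  queue = graph.fetch(ref, []).dup
  until queue.empty?
    r = queue.shift
    next if seen.include?(r)
    seen << r
    queue.concat(graph.fetch(r, []))
  end
  seen.sort
end

if $PROGRAM_NAME == __FILE__
  sbom = build_sbom("example-app", parse_lock_specs(SAMPLE_LOCK))
  puts JSON.pretty_generate(sbom)
end
```

A registry-published SBOM of this shape lets tooling answer "which of my gems pull in rack, and at what version?" without resolving the dependency tree itself; the purl in bom-ref is what lets a scanner join the SBOM against advisory data.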
Done when: