LiPSBOMaker: A Prototype of Multi-Stage Linux Distribution Package SBOM Generator
Modern software development often uses third-party libraries and frameworks to enhance productivity and reduce costs. As a result, the software supply chain has begun to take shape, and its potential risks are gradually becoming apparent. To improve the traceability and transparency of the software supply chain and mitigate these risks, the concept of the Software Bill of Materials (SBOM) was introduced. While extensive research has been conducted on SBOMs for programming language ecosystems, little research has focused on Linux distributions. Given the fundamental role and complexity of Linux distributions, generating high-quality SBOMs for them is critical but challenging. To address this issue, this paper conducts two-phase work: 1) by analyzing the characteristics of Linux distribution packages, we propose a multi-stage SBOM model specific to them; 2) based on this SBOM model, we design and implement a tool for generating Linux distribution package SBOMs. The evaluation results indicate that our approach outperforms the state-of-the-art SBOM generation tool.
Fri 27 Jun (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)

11:00 - 12:05 | Empirical Studies (Tool Demonstrations / Research Papers) at Cosmos Hall. Chair(s): Miryung Kim (UCLA and Amazon Web Services)

11:00 (25m, Talk) | Fixing Outside the Box: Uncovering Tactics for Open-Source Security Issue Management (Research Papers). Lyuye Zhang (Nanyang Technological University), Wu Jiahui, Chengwei Liu (Nanyang Technological University), Kaixuan Li (Nanyang Technological University), Xiaoyu Sun (Australian National University, Australia), Lida Zhao (Nanyang Technological University), Chong Wang (Nanyang Technological University), Yang Liu (Nanyang Technological University). DOI

11:25 (25m, Talk) | More Effective JavaScript Breaking Change Detection via Dynamic Object Relation Graph (Research Papers). Dezhen Kong (Zhejiang University), Jiakun Liu (Singapore Management University), Chao Ni (Zhejiang University), David Lo (Singapore Management University), Lingfeng Bao (Zhejiang University). DOI

11:50 (15m, Demonstration) | LiPSBOMaker: A Prototype of Multi-Stage Linux Distribution Package SBOM Generator (Tool Demonstrations). Tong Qiu, Jiaxin Zhu (Institute of Software at Chinese Academy of Sciences), Wei Chen (Institute of Software at Chinese Academy of Sciences), Jun Wei (Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences)
This is the main event hall of Clarion Hotel, which will be used to host keynote talks and other plenary sessions. The FSE and ISSTA banquets will also happen in this room.
The room is just in front of the registration desk, on the other side of the main conference area. The two large doors with numbers “1” and “2” provide access to the Cosmos Hall.