Hello,
is there an option to create a sbom of a snap package? or can list the libs and packages which are used by the snap?
Thank you
Hello,
is there an option to create a sbom of a snap package? or can list the libs and packages which are used by the snap?
Thank you
Snaps can have a manifest embedded; which will occur automatically if built on Github via the official Build action, or built on Launchpad.
It’ll sit in the $SNAP/snap/ folder, and lists all the apt-packages used in the snap. e.g: /snap/firefox/current/snap/manifest.yaml
or similar.
Not all snaps will have a manifest, and the manifest may not cover the entireity of all libraries/packages bundled, such as packages built from source rather than being pulled from the repos. Some libraries might also exist in other snaps, such as the Gnome content snaps; so although a snap may bundle the library with itself, it might actually use the version from elsewhere.