Did you know there’s more than Python code included in Python packages? This might be a surprise, especially if you’ve inspected your list of dependencies and only found exactly what you've pip-installed. There's something else lurking in the dark corners of your virtual environments.
Modern software systems are complex, graph-like, and difficult to measure for both humans and our tools. Luckily there’s an answer: the Software Bill of Materials (SBOM). An SBOM can describe any amalgamation of Python, C, C++, Rust, and JavaScript in your Python application, which enables static code analysis, license compliance, vulnerability management, and compliance with new security regulations.
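To make the "more than Python in your Python packages" point concrete, here is an added example (not code from the talk or from any project it mentions) that inventories the compiled extensions, bundled shared libraries and JavaScript files that installed distributions ship, and turns them into a minimal SBOM-style component list. The output shape (name, version, a `pkg:pypi` purl and a `native-artifacts` map) is an assumption loosely modelled on CycloneDX; real SBOM generators emit far richer records. The sample RECORD contents are constructed, not taken from any real wheel.

```python
"""Inventory non-Python artifacts inside installed distributions and emit a
minimal SBOM-style component list (added example, not the talk's own code)."""
import json
from collections import defaultdict
from importlib import metadata
from pathlib import PurePosixPath
from typing import Optional

# Suffixes that mean "this file is not Python source": compiled extension
# modules, shared libraries, static libraries and bundled JavaScript.
SHARED_LIB_SUFFIXES = {".so", ".pyd", ".dll", ".dylib"}


def classify(path: str) -> Optional[str]:
    """Return a coarse artifact kind for a file path, or None for Python/data.

    Uses all suffixes so that 'libhelper.so.1' and
    '_speedups.cpython-312-x86_64-linux-gnu.so' are both recognised.
    """
    suffixes = [s.lower() for s in PurePosixPath(path).suffixes]
    if any(s in SHARED_LIB_SUFFIXES for s in suffixes):
        return "shared-library"
    if ".a" in suffixes:
        return "static-library"
    if ".js" in suffixes:
        return "javascript"
    return None


def build_components(records: dict) -> list:
    """records maps (distribution name, version) -> list of installed file
    paths, exactly like a dist-info RECORD. Returns one component per
    distribution that ships anything non-Python; pure-Python ones are omitted
    because the point here is to surface the hidden native code."""
    components = []
    for (name, version), files in sorted(records.items()):
        found = defaultdict(list)
        for f in files:
            kind = classify(f)
            if kind:
                found[kind].append(f)
        if found:
            components.append({
                "type": "library",
                "name": name,
                "version": version,
                # Package URL for PyPI; assumed format pkg:pypi/<name>@<version>
                "purl": f"pkg:pypi/{name.lower()}@{version}",
                "native-artifacts": {k: sorted(v) for k, v in found.items()},
            })
    return components


def scan_environment() -> list:
    """Build the same inventory from the running interpreter's own
    site-packages using importlib.metadata (standard library only)."""
    records = {}
    for dist in metadata.distributions():
        name = dist.metadata["Name"]
        files = [str(f) for f in (dist.files or [])]
        records[(name, dist.version)] = files
    return build_components(records)


# Constructed sample RECORD contents, not taken from any real wheel.
SAMPLE_RECORDS = {
    ("pure-pkg", "1.0"): ["pure_pkg/__init__.py", "pure_pkg/core.py"],
    ("fastthing", "2.3.1"): [
        "fastthing/__init__.py",
        "fastthing/_speedups.cpython-312-x86_64-linux-gnu.so",
        "fastthing.libs/libhelper-1a2b3c4d.so.1",
    ],
    ("webwidget", "0.9"): [
        "webwidget/__init__.py",
        "webwidget/static/bundle.min.js",
    ],
}

if __name__ == "__main__":
    print(json.dumps({"components": build_components(SAMPLE_RECORDS)}, indent=2))
    # Swap in scan_environment() to see what your own virtualenv ships.
```

Running it against a real environment (`scan_environment()`) is the quickest way to discover which of your dependencies bring their own C, C++ or Rust-compiled libraries along, which is exactly the inventory an SBOM has to capture before any vulnerability matching or license review can be trusted.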
By the end of this talk you'll know what Software Bill-of-Materials documents are, why they are useful, and what you need to do when someone asks for one!