Summary
RFC: #3553
Implementation: #13709
Documentation: https://doc.rust-lang.org/nightly/cargo/reference/unstable.html#sbom
The sbom build config allows generating so-called SBOM pre-cursor files alongside each compiled artifact. A Software Bill Of Material (SBOM) tool can incorporate these generated files to collect important information from the cargo build process that is difficult or impossible to obtain in another way.
Unresolved Issues
- Cargo fingerprint doesn't include SBOM #15695
- Demonstrate end-to-end SBOM generation in an industry standard format using this data source
- Resolve any issues the previous point uncovers
Future Extensions
Tracking of non-Rust dependencies is explicitly out of scope for this feature.
About tracking issues
Tracking issues are used to record the overall progress of implementation.
They are also used as hubs connecting to other relevant issues, e.g., bugs or open design questions.
A tracking issue is however not meant for large scale discussion, questions, or bug reports about a feature.
Instead, open a dedicated issue for the specific matter and add the relevant feature gate label.