Software Bill of Materials (SBOM) is becoming a basic requirement in software procurement. It would be very powerful if Open Horizon could also support SBOM data to control deployment through policies. This would be a great opportunity to lead the industry in supporting SBOM information to manage deployment of software. I don't think any of our competitors could as easily support this.
Currently, SBOM information can be saved in policy properties using the `list-of-string` data type and can be tested with the `in` operator, but this is crude. It would be much more powerful if generalized JSON (such as the popular CycloneDX SBOM JSON format) were supported as a property type and if JSON operators (e.g., similar to those you can use with the `jq` command) could be used in the constraint language to control deployment based on SBOM information.
If this feature is provided, it will be much easier for developers to add SBOM information in service policy properties in JSON form, and to test against SBOM information in deployment policy constraints.
I think no CLI changes are required, but policy syntax would need to be expanded to support this.
None
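The contrast this request describes, as an added example that is not part of the original issue and is not Open Horizon code: a constructed CycloneDX-style SBOM is first flattened to the string list that a membership test can handle, then queried structurally. The component names, version threshold, license allow-list and all function names are assumptions made for illustration.

```python
import json

# Constructed CycloneDX-style SBOM; every name and version here is sample data.
SBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"type": "library", "name": "example-tls", "version": "3.0.7",
   "licenses": [{"license": {"id": "Apache-2.0"}}]},
  {"type": "library", "name": "example-json", "version": "1.12.0",
   "licenses": [{"license": {"id": "MIT"}}]},
  {"type": "library", "name": "example-readline", "version": "8.2",
   "licenses": [{"license": {"id": "GPL-3.0-or-later"}}]}
]}
""")

def flatten(sbom):
    """Current workaround: reduce the SBOM to 'name@version' strings."""
    return [f"{c['name']}@{c['version']}" for c in sbom.get("components", [])]

def version_tuple(version):
    """Parse a dotted, purely numeric version (assumption: no suffixes)."""
    return tuple(int(part) for part in version.split("."))

def components_below(sbom, name, minimum):
    """Structured query: components called `name` older than `minimum`."""
    return [c for c in sbom.get("components", [])
            if c.get("name") == name
            and version_tuple(c["version"]) < version_tuple(minimum)]

def licenses_outside(sbom, allowed):
    """Structured query: (component, license id) pairs not on the allow-list."""
    found = []
    for c in sbom.get("components", []):
        for entry in c.get("licenses", []):
            license_id = entry.get("license", {}).get("id")
            if license_id not in allowed:
                found.append((c["name"], license_id))
    return found

def deployable(sbom):
    """Hypothetical gate: both thresholds below are constructed policy values."""
    return (not components_below(sbom, "example-tls", "3.0.8")
            and not licenses_outside(sbom, {"Apache-2.0", "MIT"}))

if __name__ == "__main__":
    print("flat list:", flatten(SBOM))
    print("license violations:", licenses_outside(SBOM, {"Apache-2.0", "MIT"}))
    print("deployable:", deployable(SBOM))
```

A membership test on the flat list can only say whether an exact `name@version` string is present; the version-range and per-component license checks need the structured form.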