
Gwendal Laurent developed CycloneDX SBOM generation for Erlang Rebar3 projects within the oss-review-toolkit/ort repository. He implemented the rebar3_sbom plugin, using Docker and shell scripting to automate SBOM creation and packaging through a bombom wrapper. The workflow incorporated cosign-based signature verification, so that consumers can check the integrity of generated SBOMs before relying on them for dependency management. This addressed the need for transparent supply chain practices in Erlang ecosystems and enabled integration with SBOM-driven pipelines, such as future package manager plugins. Gwendal’s work demonstrated depth in Docker, Erlang, and SBOM generation, with a focus on robust automation and security for open source projects.
December 2025: Delivered CycloneDX SBOM generation for Rebar3 projects in oss-review-toolkit/ort. Implemented the rebar3_sbom plugin and bombom-based packaging to generate CycloneDX SBOMs from Erlang/Rebar3 projects, with cosign-based signature verification to ensure integrity. This enhances dependency management, security verification, and supply chain transparency for Erlang ecosystems and enables downstream integration with SBOM-driven pipelines (e.g., package manager plugins). The change is represented by commit 5fbed8c69bb61a51b3dab3e007a844f312ba9201, which includes Docker-based integration and comprehensive messaging about the workflow.
