EOL is another worry of a developer (like CVE or license compliance). I think creating a blade which will cover this subject.
today a source which can provide some information is https://endoflife.date/
I checked and they are working on creating even an offline database. I think this direction can be interesting, both on OS distributions or packages.
Maybe it can be part of another tool.
xeol which is an open source based on grype\syft, is not maintained frequently enough.
Taking syft SBOM and sending it to another tool to find EOL can be helpful.
What do you think?
A post was merged into an existing topic: August 29th | Open Source Gardening | Live Stream