I heard from some researchers who are interested in integrating their software with PyPI and with pip. Their technology is called FASTEN. They’re holding a workshop on April 8th and Python packaging tools folks are invited.
after a quick overview of the SCA market, a demonstration of FASTEN will be given, followed by two presentations based on FASTEN user experience (from a consultancy company and from a software vendor perspectives). We have also invited the Eclipse sw360 project to talk about SBOM. At the end of the session, attendees will be able to interact with the speakers by asking questions and giving out their opinions on these subjects.
The items of most interest to Python packaging developers will probably be from 16h10 - 17h00 CET: “Demonstration of FASTEN Dependency Management tools on top of Maven”, “Integrating Software Assurance, SCA, and Fine-Grained Analysis of Ecosystems as Networks (FASTEN)”, and “FASTEN user experience from a software vendor perspective: The future of extension management in XWiki with FASTEN”.
I suggested they post here about it but they thought this forum was only for tech questions so they didn’t, so I’m doing so.