SBOMs/CVE scanning #1969
Open
Description
spack/spack#51760 will add SBOM (Software Bill of Materials) generation to Spack, which will facilitate supply chain security and specifically scanning for known vulnerabilities. We should discuss whether and how to implement this both in CI (i.e., scan for vulnerabilities in the unified env before merging updates) and on some or all HPCs.