Quick open questions

(For more in-depth architectural discussions, check the ADRS)

Tooling

• Do we keep duty ?

Compliance

• Do we support both SPDX and CycloneDX SBOMs?
• How to we validate / visualize SBOMs?

Plugins

• Do we keep using pluggy or do we switch to [plux](https://github.com/localstack/plux)?
• Do we introduce a sort of registry (à la flask-super)?