-
### Current Behavior
Dependency-Track supports Service BOMs. From the CycloneDX website:
> SaaSBOMs complement Infrastructure-as-Code (IaC) by providing a logical representation of a complex syste…
-
**Problem**
The SBOM community has identified multiple types of SBOM:
Software Bill of Materials (SBOM) -- the default of course
Software-as-a-Service Bill of Materials (SaaSBOM)
Hardware Bill o…
-
Something that is becoming increasingly clear is the SaaS vendors selling SBOM insight views on their "platforms." I won't begin naming names just yet.
Given the maturity of this repo and effort, …
-
So it dawned on me, that say you wanted to represent not just your application, but the external dependencies for it (so, the miraculous things that happen in AWS, GCP, etc...), I wasn't entirely sure…
-
Just thinking about how we should be requesting the fixed OpenJDK vulnerability information from upstream. We want it in machine readable format, with a consideration of publishing it from Adoptium fo…
-
In https://github.com/CycloneDX/bom-examples/tree/master/VEX/CISA-Use-Cases/Case-7 the BOMs do not contain the version of the software, but the VEX file's affects sections contain versions or version ranges (i.e. h…
-
Comments on proposed SBOM Naming scheme
**General comment.** This looks very much like it is written from the point of view of creating a source level SBOM. As there are other SBOM types to be cons…
-
see https://github.com/CycloneDX/specification/issues/396#issuecomment-1992596992
> As an AI producer or operator, I want the ability to represent environmental concerns including energy consumption…
-
ver 9.9
1) Do I understand correctly that the --required only function now defines packages as required only because these packages are used directly and are in evidence occurrences?
2) We found that…
-
I'm wondering how to generate a SaaSBOM, and I haven't found any details in the CycloneDX repository so far.
Can you please provide an example?
Thank you.