-
RKE2 images will be published to the Rancher Prime registry and signed with cosign. Additionally, images are to include an SBOM manifest provided by docker buildx.
Build pipelines in the image-buil…
-
- https://learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/attach-sbom
- https://oras.land/blog/oras-0.14-and-future/#attach-the-sbom-to-this-image
We can use the OR…
-
Ref https://github.com/ossf/sbom-everywhere/blob/main/reference/sbom_naming.md
> 2. Directory Structure:
>
> Store SBOM files in a dedicated directory, separate from the source code. This might b…
-
I have a couple of usability suggestions that might be worth implementing
- If we are using the discovery mode, i.e. do not provide `kind`, and it ends up falling back to the `artifact` kind, we should exp…
-
I worked on https://github.com/wmichalska/CreditManager repository to validate the build SBOM and below are my findings.
1. There are in total 119 dependencies obtained from the Maven Dependency Li…
-
**Is your feature request related to a problem? Please describe.**
As a feature to support a more secure software supply chain, Thoth should generate a [SBOM](https://en.wikipedia.org/wiki/Software_b…
goern updated 2 years ago
-
### Summary of the new feature / enhancement
> As a user, I want to define default behaviors/options for `dsc` so that I don't need to pass the options to every invocation or define a function to do …
-
## Issue Description
As the Platform Product Team,
We need a better inventory of our tools, versions and features that are used,
So that we can better manage and report on what is used and how
Since …
-
Given a set of [VEX statements](https://github.com/openvex/spec/blob/main/OPENVEX-SPEC.md#the-vex-statement), which represents status assessments relative to a vulnerability matched with a product, it…