-
Currently there are [SBOM](https://github.com/CycloneDX/bom-examples/tree/master/SBOM) CycloneDX examples of version
-
The SBOM Catalog's [contributing docs](https://github.com/ossf/sbom-everywhere/tree/main/SBOM-Catalog/contribute.md) don't mention the *Language* field that appears in `data.yaml`. From existing entri…
-
### What is the current behavior?
The current rules do not expose a `PackageInfo` from targets generated from npm imports
### Describe the feature
When constructing an SBOM, one of the key things w…
-
See https://github.com/CycloneDX/bom-examples/tree/master/VEX.
VEX and SBOM should be separate from each other.
-
### Current Behavior
In our Production environment we have observed that alerts for vulnerabilities are being triggered based on outdated versions of dependencies that have already been patched. Thes…
-
Add support for sbomqs to read SBOMs present in the URL.
-
As a working example, I am going to reference the following area of code, but I believe it is possible to run into this in any area that the library is parsing an `Option` field: https://github.com/Cy…
-
Some Maven libraries publish shaded artifacts that contain many if not all their dependencies.
Since it is impossible to guess which artifacts were shaded from the POM file alone, the CycloneDX plu…
-
**What happened**:
When running `syft` against a project using Swift Package Manager and a version 3 Package.resolved file, an error occurred (`error=unknown swift package manager version, 3.000000 …
-
Add support to score SBOM generated in SWID format
> SWID tags can be used as an SBOM, since they provide identifying information for a software
> component, a listing of files and cryptographic…