-
In reference to https://github.com/dotnet/dotnet-docker/issues/5973
We (.NET Team) have been working closely with Canonical on Chiseled images:
- https://devblogs.microsoft.com/dotnet/announcing-dot…
-
In the Microsoft.Sbom.Targets NuGet package, the MSBuild properties `UnzipGuid`, `ShortUnzipGuidFolder`, and `NugetPackageUnzip` should preferably be renamed to something that includes "Sbom", to mini…
-
**What happened**:
```
export SYFT_FILE_METADATA_SELECTION="all"
syft scan "${REPO_PATH}" -o cyclonedx-json > sbom.json
syft scan "${REPO_PATH}" -o spdx-json > sbom.json
```
**What you expected to hap…
-
In the guide version 1.0, we require PackageChecksum in order to comply with the "NTIA SBOM Minimum elements" for "Component Hash".
However, SPDX 2 provides two possibilities for this, PackageCheck…
-
Here is an issue regarding a recent integration effort into the .NET SDK & providing SBOMs for NuGet packages:
- [ ] https://github.com/microsoft/sbom-tool/issues/711
- [ ] https://github.com/micr…
-
I'm part of the CISA Tiger Team for [SBOM Generation](https://github.com/CISA-SBOM-Community/SBOM-Generation/). We've adopted Parlay as part of the reference implementation. It generally speaking work…
-
### Apache Airflow version
2.10.3
### If "Other Airflow 2 version" selected, which one?
_No response_
### What happened?
Looking at Airflow SBOMs such as `apache-airflow-sbom-2.10.3-python3.12.js…
-
See https://github.com/owasp-dep-scan/blint
```
blint sbom -i /path/to/apk -o bom.json --deep
```
https://www.linkedin.com/mwlite/feed/update/urn:li:activity:7228276455560876032
-
When using trivy to scan the image, I got some vulnerabilities,
but using this sbom tool to generate .\_manifest\spdx_2.2\manifest.spdx.json, then run trivy sbom .\_manifest\spdx_2.2\manifest.spdx.json
re…
-
Biased I know as I am the developer and maintainer of sbom4python, but useful to add this tool which generates NTIA conformant SBOMs in both CycloneDX and SPDX formats (assuming the metadata exists wi…