-
### What is the problem this feature would solve?
There is currently no proper way to automatically scan for vulnerabilities or license issues as part of a CI/CD pipeline.
### What is the feature yo…
-
### What is the version of your ORAS CLI
1.2
### What would you like to be added?
Update the `--format json` option to include details of the image itself, including digest and application type.
C…
-
### Description
I'm receiving the following error instead of a successful response when executing the command (on a private repository): `gh sbom -l | jq`
```
2023/03/16 08:42:24 non-200 OK sta…
```
-
I experimented with chisel and liked it, since I was able to create extremely small images based on Ubuntu 22.04.
But I also noticed that SBOM generators (like https://github.com/anchore/syft) can…
-
My organization is now requiring SBOMs regardless of how ancient the software is. We have a massive legacy ERP system written in VB 6.0 stored in a SourceAnywhere for VSS repository. I'm trying to …
-
- [ ] upload an sbom
- [x] text
- [ ] url
- [ ] file upload
- [x] normalize the SBOM from all of the different formats (SPDX, CycloneDX, syft, github etc.)
- [x] store normalized SBOM in data…
-
Hi,
In v2.2.4 the release holds `*-manifest.spdx.json` files for each platform. Since v2.2.5 they are not deployed as part of a release. Are they no longer required as part of the release itself?
…
-
I have an SBOM for a C# application generated by the `dotnet cyclonedx tool`. One of the components has the following schema:
```json
{
"type": "library",
"bom-ref": "pkg:nuget/CsvHelper@…
```
-
```
=========================== short test summary info ============================
FAILED test/test_csv2cve.py::TestCSV2CVE::test_csv2cve_valid_file - AssertionError: assert ('cve_bin_tool',…
```
-
The REUSE tool currently generates an SPDX software bill of materials only in the SPDX-2.1 format. As an example, [I attached the output](https://github.com/fsfe/reuse-tool/files/6849366/reuse.spdx.txt…