-
Temurin builds are now producing SBOM artifacts, e.g. https://github.com/adoptium/temurin18-binaries/releases/download/jdk18u-2022-06-30-09-20-beta/OpenJDK18U-sbom_x64_linux_hotspot_2022-06-29-23-30.js…
-
A Software Bill of Materials (SBOM) provides a comprehensive inventory of all software components, dependencies, and libraries in a product, aiding in vulnerability management and compliance checks. A…
-
I have a quite specific use case:
I'm building a container that has a bunch of tools installed and is supposed to be used for CI runs.
When trying to add a SBOM during building (`docker build…
-
#### What would you like to be added:
Since the early days of [cosign](https://github.com/sigstore/cosign), attaching SBOMs to images has been a common pattern. Since `bom` can generate SBOMs of im…
-
The [SLSA requirements](https://slsa.dev/spec/v1.0/requirements#provenance-exists) define that the provenance must unambiguously identify the output package by cryptographic digest, while also describ…
-
Hello
I tested parlay with a SPDX2.3 generated from syft. The vendor property would not be added. When I generate for CycloneDx it does. I guess on the enrich_spdx.go file the supplier is missing,…
-
Include the bundle's SBOM(s) as a release artifact
-
Hi Tim,
Since BlackDuck team does not have a separate to analyze the SBOM I was not able to give you an update.
But I have one more query regarding the SBOM generated using the syf…
-
```
libmpeg2-devel:
version: 0.5.1
epoch: 0
release: 24.el9
arch: i686
pkgid(sha256?): 38f526b7a282413bc97f9d550ead8c80c4fb1fd3e99f64374fb5fd4a0c448bce
WARNING: All log mess…
```
-
Create a new job "Post-Build" which implements [issue](https://github.com/adoptium/ci-jenkins-pipelines/issues/548); this encompasses all post-build tasks. From this job we will then run a new job "Sign…