-
## Background
There is a general push for SBOMs in the software community, especially after [the executive order](https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-…
-
This is the error the tool throws trying to convert from one format to the other.
`The JSON value could not be converted to CycloneDX.Spdx.Models.v2_2.ExternalRefCategory. Path: $.packages[0].externalR…
-
Generating SPDX/CycloneDX SBOMs for systems relying on Machine Learning brings in a new set of package managers (aka model registries in ML speak). We wanted to discuss the addition of those to the li…
-
What is the recommended way to attest SBOMs for multi-arch images? The documented way of generating and attesting surely doesn't work:
- First `anchore/sbom-action` generates an SBOM for a single …
-
I detected some issues that should be addressed.
-
**Owners**
• Ria Farrell Schalnat ([Pizza-Ria](https://github.com/Pizza-Ria)) – Open Source Program Manager for Hewlett Packard Enterprise and Chris Hibbard – Open Source Security Architect
**Issu…
-
**Is your feature request related to a problem? Please describe.**
Currently, all the dependency nodes are set to `unknown` for both SPDX and CDX. This makes it impossible to determine if the dep…
-
We could document how one can use a SPDX SBOM, e.g. produced by FOSSology or another tool, and use this as a basis to add REUSE information to the covered file.
As modern SBOMs are often JSON, it s…
-
There is a concept of [SBOM](https://www.cisa.gov/sbom) that's implemented with [different standards](https://scribesecurity.com/sbom/standard-formats/#what-is-an-sbom-standard) and one of them is Cyc…
-
Hello!
I've noticed an issue with NPM package `ua-parser-js@0.7.1`. This package changed from the MIT license to AGPL in its v2.0.0 release.
I'm running `syft` to generate the SBOM for the proj…