-
I have a quite specific use case:
I'm building a container which has a bunch of tools installed which is supposed to be used for CI runs.
When trying to add a SBOM during building (`docker build…
-
Hi Tim,
Since BlackDuck team does not have a separate to analyze the SBOM I was not able to give you an update.
But I have one more query regarding the SBOM generated using the syf…
-
Hey folks, it looks like there's an interoperability issue between Buildpacks and Cosign tooling. As an end user, I would like:
`pack sbom download` and `cosign download sbom` to work on any OCI art…
-
Hello
I tested parlay with a SPDX2.3 generated from syft. The vendor property would not be added. When I generate for CycloneDX it does. I guess on the enrich_spdx.go file the supplier is missing,…
-
```
libmpeg2-devel:
version: 0.5.1
epoch: 0
release: 24.el9
arch: i686
pkgid(sha256?): 38f526b7a282413bc97f9d550ead8c80c4fb1fd3e99f64374fb5fd4a0c448bce
WARNING: All log mess…
```
-
### Current Behavior
We currently have no option to see how many SBOMs were consumed/processed on the dashboard.
### Proposed Behavior
We do have notification channel integration that sends events ab…
-
Create a new job "Post-Build" which implements [issue](https://github.com/adoptium/ci-jenkins-pipelines/issues/548), this encompasses all post-build tasks. To this job we will then run a new job "Sign…
-
In the GitHub release workflow, we have an Anchore SBOM Action that doesn't seem to be used further.
The SBOM that this action produces should be pushed to Docker Hub just like the Helm chart https:…
wkoot updated
2 months ago
-
### Description
The LICENSE.md file is missing in the released packages and is not shipped.
This prevents SBOM generation tools from collecting evidence for Copyright or Original Licenses.
###…
-
### What problem are you facing?
As part of the CLO monitor requirements (see https://github.com/crossplane/crossplane/issues/3956) we need to publish a SBOM for the project.
### How could Cro…