-
@khalifapro
**Tool Version** v0.0.6
**Test Repo** https://github.com/node-red/node-red
**OS** Windows 10
Observed that NOASSERTION is displayed for PackageHomePage even when homepage value exis…
-
The PURLs generated from the syft container plugin are not consistent with other SBOM generators like [CycloneDX Gradle plugin](https://github.com/CycloneDX/cyclonedx-gradle-plugin). The library group info…
-
Original Reporter: nvelagapudi
Environment: Not Specified
Version: Not Specified
Migrated From: http://jira.linuxfoundation.org/browse/SSB-52
spdx-sbom-generator tool version v0.0.2
Test Repo that I …
-
Original Reporter: nvelagapudi
Environment: Not Specified
Version: Not Specified
Migrated From: http://jira.linuxfoundation.org/browse/SSB-64
spdx-sbom-generator tool version v0.0.3
Test Repos that I…
-
Sorry if this is not the way to get support, but I saw another post sending a question and I don't know where to discuss this other than here. I will gladly accept a location to do so, if this is not …
-
**Is your feature request related to a problem? Please describe.**
We should [Detect if SBOMs generated](https://github.com/ossf/scorecard/issues/1476) (by @david-a-wheeler), and then we can scan the…
-
There are some use cases that need to communicate that a document or artifact exists and don't necessarily need to reference it from within some pre-existing in-toto statement (per https://github.com/…
-
# Description
Running the spdx-sbom-generator built with the Docker-provided image and built locally with the same Go version (Go1.16.5) calculates a different hash value for every dependent package of match…
-
Can use the PoC I created https://github.com/laurentsimon/slsa-github-generator-ko
It should not be too difficult.
-
## Summary
Looking at some samples from running v0.0.5 (e.g. from running spdx-sbom-generator on itself), it looks like for the "primary" Package, the `PackageVersion:` tag appears but with no cont…