-
Even though we are setting the verbosity to values like Warning, Fatal or Error, we still see the `information` logs:
```powershell
##[information]Finished execution of the Generate workflow SBOMT…
-
### Description of the feature request:
Bazel binaries must eventually come with an SBOM. We should be building that as part of the build itself.
### What underlying problem are you trying to so…
aiuto updated
1 month ago
-
### Is your feature request related to a problem? Please describe.
In the current times we live, where software provenance is a must for software adoption in regulated environments, we need to make s…
-
**What would you like to be added**:
(Hi, loving the tool, thanks for all your efforts)
We have a pnpm monorepo using the workspaces functionality.
I am able to prepare an sbom at the top lev…
-
@coderpatros Is the project still active and accepting PRs? (I'm not sure based on the current PRs) There is some additional functionality I would like to put together.
- Add file command
- - Spec…
-
```[tasklist]
### Tasks
- [ ] Add Pedigree information to our patched products
- [ ] Verify that product SBOMs are correct in that they e.g. list hadoop as the product and not hadoop-common or similar…
-
Objective: Provide access to the original details of data imported to DejaCode.
DejaCode currently supports multiple options to import data into a Product, including:
* Import data from Scan
* L…
-
- https://learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/attach-sbom
- https://oras.land/blog/oras-0.14-and-future/#attach-the-sbom-to-this-image
We can use the OR…
-
Currently, meta-cyclonedx will add any package that is built for the target architecture to the SBOM.
This might be desirable, as the package list might be incomplete otherwise (e.g. code might "sp…
-
## Assessments results on discrepancy of SBOM ecosystem and some suggestions
### Background
As SBOM can be widely used in software software chain management, the capability and issues within S…