-
### Description
An invalid Tag value SBOM contains large relationships and has thousands of SPDX warnings taking exponential time to verify.
### Example
To generate this issue download the attach…
-
**Name of the app**
fatbom
**Describe the bug**
The merged sbom built with the project is invalid.
**To Reproduce**
While applying [quality checks](https://github.com/interlynk-io/sbomqs) on …
-
This is really not an issue specific to this tool, but in case the tool were to implement a way of doing this, it would be a great contribution to the versatility of both CDX and SPDX files.
We have t…
-
From @pombredanne
We already have SBOM export (and import) options in scancode.io supporting SPDX and CycloneDX SBOMs, and we can enrich this data using the public https://github.com/ossf/scoreca…
-
The problem I am having is that bomber does NOT find any packages in an SBOM that has been converted by the cyclonedx-node convert process. The SBOM is generated from a JavaScript application.
To re…
6mile updated 11 months ago
-
I want to generate an SBOM in the JSON format. I used the **-f** flag to do so, but I am not able to change the spdx (default format).
I have followed the below steps:
1. Download sbom-spdx-generator binar…
-
## Summary
SPDX SBOM Generator not working for Java Maven project
## Background
Provide context to the issue - provide steps to reproduce the behavior, such as:
1. Download spdx-sbom-gener…
-
## Summary
I should be able to run `spdx-sbom-generator` in a Cargo workspace.
## Background
I've just tried out `spdx-sbom-generator` in my project, but it fails as follows:
```
➜ spdx-s…
-
### Is your feature request related to a problem? Please describe.
Preserving supply chain integrity when moving artifacts downloaded from the Internet into an air-gapped environment is very challe…
-
**What happened**:
When using Syft to produce an SPDX JSON document, it looks like it uses SPDXRef values in the list of `relationships` that don't map to any element in the SPDX document.
This …