-
**What would you like to be added**:
Ensure that all SBOMs produced by Syft cover the NTIA's [Minimum Elements For a Software Bill of Materials (SBOM)](https://www.ntia.doc.gov/report/2021/minimum-…
-
Hello,
It seems like the "check_dependency_relationships" test does not conform to the specification in 2.3. To my understanding, there are no requirements for an SPDX ID besides uniqueness and sta…
-
Once https://github.com/anchore/syft/issues/510 is merged, the SBOM action should be updated to include parameters to sign the SBOM and upload the image and/or attestation to a URL (eg GitHub Package …
-
For example, in https://repo1.maven.org/maven2/de/bund/bva/isyfact/isy-security/3.0.1/isy-security-3.0.1-cyclonedx.json the field "website, url" contains the address http://isyfact.de/isy-security.
D…
-
Using the following command to scan.
If an SBOM is found, Trivy will use the SBOM instead: https://github.com/aquasecurity/trivy/blob/main/docs/docs/target/container_image.md#sbom
```sh
trivy image --…
```
-
### Current Behavior
The latest release of DT Frontend is v4.11.3 and the BOM is published as a [release asset](https://github.com/DependencyTrack/frontend/releases/download/4.11.3/bom.json) and al…
-
**What happened**:
I am not seeing dependencies information on CycloneDX format json files even though they are present in other formats:
SPDX file snippet:
```json
"relationships": [
…
```
-
[//]: # (Copyright Siemens AG, 2021. Part of the SW360 Portal Project)
[//]: # (This program and the accompanying materials are made)
[//]: # (available under the terms of the Eclipse Public License…
-
Hi,
I'm trying to compare two SBOMs generated with two different versions of Trivy.
sbom-utils thinks hard for a bit and then panics with `panic: runtime error: slice bounds out of range [2004:174…
-
When I scan using an SPDX SBOM, I see:
```
osv-scanner scan --sbom=SBOM-report-testproject-habi-20240410_0131-clean-licenses.spdx.json --verbosity verbose
Scanned /home/paul/SBOM-report-testproje…
```