-
Hi,
Is this project maintained?
Is it possible to make this work with Yocto generated SBOMs? I have a demo using the action in https://github.com/mischief/spdx-sbom-test, with an SBOM generated …
-
Using the publish-release action with its defaults fails when building the SBOM inventory:
```
level=info msg="Adding file . to SBOM"
level=fatal msg="generating sbom: adding to SBOM: file does n…
```
-
Thank you for reporting a broken build! Please fill in the following details:
- **Jenkins link to the failing log:** https://ci.adoptium.net/job/build-scripts/job/jobs/job/release/job/jobs/job/jdk11u…
-
**What happened**:
When generating an SPDX for container images like Redis or Ubuntu, only package information is included, but OS information, such as Alpine or Ubuntu, is not included in the [Pac…
-
[OWASP SCVS](https://scvs.owasp.org/scvs/v2-software-bill-of-materials/) is formalizing verification requirements for SBOMs.
sbomqs rules to test SBOM against as well output should be aligned to mee…
-
## abstract
Since osv-scanner cannot support dnf package manager (https://github.com/google/osv-scanner/issues/999), and we are informed that osv-scanner can take output from syft (https://github.co…
-
My organization is now requiring SBOMs regardless of how ancient the software is. We have a massive legacy ERP system written in VB 6.0 stored in a SourceAnywhere for VSS repository. I'm trying to …
-
## Description
Syft offers the following two flags which could be useful for populating metadata on how an SBOM was generated
```
--source-name string set the name of…
```
-
### Description
Tutorials are provided.
The command as in the tutorial outputs SBOM, but if I set output to --cyclonedx, it does not output the correct SBOM.
### How To Reproduce
tutoria…
-
Currently we change the `copyright` via `amend` for every component (if the flag is provided) and choose the [current year](https://github.com/Festo-se/cyclonedx-editor-validator/blob/a89f1f536b947882…