-
Objective: Provide access to the original details of data imported to DejaCode.
DejaCode currently supports multiple options to import data into a Product, including:
* Import data from Scan
* L…
-
Currently, meta-cyclonedx will add any package that is built for the target architecture to the SBOM.
This might be desirable, as the package list might be incomplete otherwise (e.g. code might "sp…
-
```[tasklist]
### Tasks
- [ ] Add Pedigree information to our patched products
- [ ] Verify that product SBOMs are correct in that they e.g. list hadoop as the product and not hadoop-common or similar…
-
# Challenge 4: Enhancing System Security in Response to Industry Breach
**As the CISO of Globoticket**, I want to implement rigorous security practices to ensure our systems are fortified against vul…
-
### Describe the feature
NodejsFunction construct in CDK for provisioning Lambdas uses esbuild to bundle the source code. This is a pattern that many follow which is in accordance with AWS guidance/…
-
There are now a bunch of front-end (CLI) tools which handle dependency resolution and installation of environments, including `rip`, `rye` (both already dropped out[^2]), and `uv`.
A key issue is …
-
In reviewing the current baseline(1) I've come across a few things that could be gaps, oversights, or perhaps were intentionally removed for some reason. I'd like the group to discuss if we want to i…
-
While discussing a PR, a concern was raised about license compliance. This seems to be a reasonable concern, and the appropriate resolution is producing an automated bill of materials.
-
The various open source projects that we use contain licenses with terms that we must adhere to. We should aggregate license notices and allow users to view them inside the app.
- https://github.co…
-
This feature is to enable running strace as part of the build, so that the SBOM can feature the complete and exact build tooling and dependent libraries that were used.
1. Find suitable section of SBOM form…