-
When merging multiple SBOMs and specifying the `--name` and `--version` arguments, the top-level components of the SBOMs must be added to the components list of the new merged SBOM. However, if …
-
The REUSE tool currently generates a SPDX software bill of materials only in the SPDX-2.1 format. As an example, [I attached the output](https://github.com/fsfe/reuse-tool/files/6849366/reuse.spdx.txt…
-
I have an SBOM for a C# application generated by the `dotnet cyclonedx` tool. One of the components has the following schema:
```json
{
"type": "library",
"bom-ref": "pkg:nuget/CsvHelper@…
-
**Describe the bug**
On a self-hosted instance of DejaCode, it appears that the current main branch of DejaCode does not scan individual packages after loading the SBOM. This feature seems to work on…
-
The build stage of the pipeline generates SBOMs using this logic:
https://github.com/dotnet/docker-tools/blob/9791b1592829efbcd4da15a4aabed083b66615b7/eng/common/templates/jobs/build-images.yml#L12…
-
Hi everyone,
I would like to use this great tool for scanning C/C++ language.
I already know how to scan C/C++ language from a GitHub commit hash.
From [osv-scanner document](https://google.gi…
-
#### Summary
"A “software bill of materials” (SBOM) has emerged as a key building block in software security and software supply chain risk management. A SBOM is a nested inventory, a list of ingredi…
-
Add support to score SBOM generated in SWID format
> SWID tags can be used as an SBOM, since they provide identifying information for a software
> component, a listing of files and cryptographic…
-
| Attribute | Implemented? |
|---|---|
| Security Insights Verified | |
| Open Source Project (Y/N) | |
| Open Source Foundation (CNCF, Apache, CDF) | |
| License File | |
| Readme File | |
| …
-
**Description**
I'm trying to copy images from a third-party registry to our private ECR, but keep getting hung up on errors like the following
```shell
$ cosign copy $SRC_IMAGE $DEST_IMAGE…