-
### Current Behavior
Generate an SBOM of a Docker image using syft:
`syft packages mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v.1.1.0 -o cyclonedx-json > test.json`
This will result in an SBO…
-
## Problem Statement
I'm the author of cdxgen and dep-scan.
cdxgen is a polyglot SBOM generation tool from the CycloneDX community.
dep-scan is an advanced OSS audit tool with automatic priorit…
-
|Wazuh version| Component | Action type |
|---| --- | --- |
| N/A | N/A | Improve |
## Description
Currently Wazuh reports all the possible vulnerabilities (good for understanding all possible s…
-
Today, when you enable searching for artifact and group ID from Maven Central with a SHA-1, this is done for all Java artifacts, not just ones missing artifact and group ID https://github.com/anchor…
-
### Is your feature request related to a problem? Please describe.
Currently Zarf uses a generic `application/vnd.zarf.layer.v1.blob` to describe every layer in the OCI manifest. This is confusing …
-
Hello,
We were trying to create SBOM for our production image using [sbom-tool](https://github.com/microsoft/sbom-tool/blob/72f937bfb9dcb3fe43e2d13e4744e0c7975dad9b/docs/sbom-tool-arguments.md?plai…
-
### Description
An invalid Tag value SBOM contains large relationships and has thousands of SPDX warnings taking exponential time to verify.
### Example
To generate this issue download the attach…
-
[OWASP SCVS](https://scvs.owasp.org/scvs/v2-software-bill-of-materials/) is formalizing verification requirements for SBOMs.
sbomqs rules to test SBOMs against, as well as output, should be aligned to mee…
-
I've merged 2 SBOMs, but found that the resulting SBOM doesn't contain `metadata.component` from the original SBOMs.
Executed command:
```
cyclonedx-cli merge \
--input-files ${NGINX_REPORTS}/Details/An…
```
-
### Verification
- [X] This issue's title and/or description do not reference a single formula e.g. `brew install wget`. If they do, open an issue at https://github.com/Homebrew/homebrew-core/issues/…