-
**Description**
I'm trying to copy images from a third-party registry to our private ECR, but keep getting hung up on errors like the following:
```shell
$ cosign copy $SRC_IMAGE $DEST_IMAGE…
```
-
**What happened**:
For the following package, the licenseDeclared is not as per the SPDX license list https://spdx.org/licenses/
```
{
"name": "libbsd",
"SPDXID": …
```
-
loadtest [revealed](https://gist.github.com/JimFuller-RedHat/f16a67f4e08c5699dc78e0b2ff97bd39)
```
Slowest page load within specified percentile of requests (in ms):
--------------------------…
```
-
Some Maven libraries publish shaded artifacts that contain many if not all their dependencies.
Since it is impossible to guess which artifacts were shaded from the POM file alone, the CycloneDX plu…
-
Once https://github.com/anchore/syft/issues/510 is merged, the SBOM action should be updated to include parameters to sign the SBOM and upload the image and/or attestation to a URL (e.g. GitHub Package …
-
**What would you like to be added**:
Ensure that all SBOMs produced by Syft cover the NTIA's [Minimum Elements For a Software Bill of Materials (SBOM)](https://www.ntia.doc.gov/report/2021/minimum-…
-
The documentation isn't clear on this, so I'd like to ask what the _merge-vex_ command is for.
The documentation simply states:
> This command requires two input files, a SBOM and a VEX file that …
-
Using the following command to scan.
If an SBOM is found, Trivy will use the SBOM instead. https://github.com/aquasecurity/trivy/blob/main/docs/docs/target/container_image.md#sbom
```sh
trivy image --…
```
-
Importing an SBOM into a DejaCode Product can be disappointing if the SBOM does not have much license information. A nice feature would be to provide a new command option to "Improve Packages from Pur…
-
[//]: # (Copyright Siemens AG, 2021. Part of the SW360 Portal Project)
[//]: # (This program and the accompanying materials are made)
[//]: # (available under the terms of the Eclipse Public License…