-
**Describe the bug**
Dependencies are important to display the dependency graph i.e. in Dependency-Track.
I attached two sbom files.
rollup-plugin-sbom.json is created using plugin
cyclonedx-npm.…
-
from anonymous - 'I'd want to have smarter checks that understand the composition of our software too though. For example, every RPM manifest should have an SRPM package and a set of binary, arch-spec…
-
A [SBOM](https://www.cisa.gov/sbom) is a nested inventory; a list of ingredients that make up software components.
This epic tracks the work to support providing a [SPDX formatted](https://spdx.git…
-
When talking about GUAC, a common issue that pops up is that it's hard to find your vulnerabilities or legal information in a specific SBOM. Currently, to find this, the user would have to make multip…
-
We [validate SBOM formats in libcnb](https://github.com/buildpacks/libcnb/blob/main/build.go#L393), but this only takes into consideration the core mime type, not any additional parameters/specifiers.…
-
### Current Behavior
I collected the sbom of all rpm packages in the CentOS system through the syft(https://github.com/anchore/syft) tool, the format of the sbom file is cyclonedx-json, then I upload…
-
The timeout of 30 seconds is a bit too short for larger projects:
```log
##[debug]Retrieving license information for 500 components...
##[warning]Error encountered while fetching license informat…
-
### Description
The LICENSE.md file is missing in the released packages and is not shipped.
This prevents SBOM generation tools from collecting evidences for Copyright or Original Licenses.
###…
-
- [ ] upload an sbom
- [x] text
- [ ] url
- [ ] file upload
- [x] normalize the SBOM from all of the different formats (SPDX, CyclonDX, syft, github etc)
- [x] store normalized SBOM in data…
-
Steps:
* Click the upload button
* Click the upload button on the pane
* Select an SBOM that fails
* Click the upload button on the pane again
* Select an SBOM that succeeds
The result looks…
ctron updated
3 weeks ago