-
While applying [quality checks](https://github.com/interlynk-io/sbomqs) on SBOMs, I found files attached with maubot -
https://github.com/maubot/maubot/blob/master/maubot/cli/res/spdx.json.zip to b…
-
While applying [sbomqs quality checks](https://github.com/interlynk-io/sbomqs) on SBOMs, we found issues with syft-generated SBOMs.
For spdx-json, syft generates SBOMs that do not adhere to the SPD…
-
The attached sbom has a score of 0 for all component checks.
Example:
- Doc has relationships - 0.0/10.0
- Components have uniq ids 0.0/10.0
- Components have names 0.0/10.0
```
sbomqs sco…
```
-
Even though the `installDeps` setting defaults to true, cdxgen doesn't attempt to install packages for pip requirements for no specific reason. It does this with pipenv, bundler, composer, etc.
htt…
-
**Software engineers tracking the quality of software bill of materials have stumbled on a startling discovery: Barely 1% of all SBOMs being generated today meets the “minimum elements” defined by t…
-
Publishing fails when a previous version of the asset with the same name already exists in the feed
**Build**: https://dev.azure.com/dnceng/internal/_build/results?buildId=2055126&view=logs&j=30cb8…
-
While applying [sbomqs quality checks](https://github.com/interlynk-io/sbomqs) on SBOMs, we found the parser failing to parse versions with ":" in them
```
pyspdxtools_parser --file bom.nginx.spd…
```
-
Hello,
I have a bunch of spdx files from a yocto project, but "no packages were detected" is always given back. What do I do wrong, or what is wrong with the files? Can anybody help me?
bomber sc…
-
Mail to Spec List on 2023-06-28:
Dear OpenChain Specification Work Group
Jimmy Ahlberg (Ericsson, OpenChain Chair) was brainstorming with Matthew Crawford (Arm board member) and myself about pot…
-
It would be great to generate an SBOM as an artifact, maybe with Trivy?
FYI @gerardcl