-
Must include:
Supplier Name
Component Name
Unique Identifier
Version String
Component Hash
Relationship
Author Name
Create using (TBD -- in process of evaluating SPDX, SWID, CycloneDX) format
-
**What happened**:
Trivy tool had the same issue which was [raised here](https://github.com/aquasecurity/trivy/discussions/5984).
We are using syft to generate SBOMs for our Dart/Flutter project…
-
https://github.com/rust-secure-code/cargo-auditable
-
caused by #22
similar to
- https://github.com/CycloneDX/cyclonedx-python/issues/570
- https://github.com/CycloneDX/cyclonedx-node-npm/issues/256
----
## Is your feature request related to …
-
Documented data points here: https://github.com/defenseunicorns/uds-runtime/issues/281
Design Mockup: https://www.figma.com/design/zmKcJ9Xin7ChzyGy6RCFLe/UDS-Runtime-(UI%2FCLI)?node-id=2869-4943&t=9e…
-
**What would you like to be added**:
We would like the Dependencies section to be added to the bottom of the SBOM.
**Why is this needed**:
SBOMs need to have a Dependencies section to be valid.
**…
-
### Description
Currently there's no BOM (CycloneDX 1.3) for which dependencies the application release itself uses.
It would be neat if either:
* a maven build could produce an output (which coul…
-
Improve https://docs.chainloop.dev/reference/policies with a How-to write custom policies, including:
* Policy template
* Rule expectations
* Rego tips
* Some examples and links to Rego playground…
-
#### What would you like to be added:
We talked a bit about the generating/signing process of SBOMs on the `sigstore` Slack channel. In this talk @SantiagoTorres and @nadgowdas made a really val…
-
I'll preface this by saying I'm by no means an expert on this topic. But SBOM is becoming a hot topic these days in the software world and I'm curious what, if anything, that means for Orchard Core.
…