-
### Current Behavior:
(1) The PUT /v1/component/project/{uuid} method does not give you a token to know whether the component is being processed or not.
(2) GET /v1/vulnerability/component/{uuid} method retur…
-
As part of the US national cybersecurity executive order, there are certain security practices that organizations need to enforce. One such is the Software Bill of Materials (SBOM) as detailed in sect…
-
## Assessment results on discrepancies in the SBOM ecosystem and some suggestions
### Background
As SBOMs can be widely used in software supply chain management, the capability and issues within S…
-
### Proposal
We run prometheus in our FedRAMP environment and use various container scanning tools like ECR, trivy/clair, and snyk to scan containers for vulnerabilities. These tools have trouble or …
-
Temurin builds are now producing SBOM artifacts, eg. https://github.com/adoptium/temurin18-binaries/releases/download/jdk18u-2022-06-30-09-20-beta/OpenJDK18U-sbom_x64_linux_hotspot_2022-06-29-23-30.js…
-
### Describe the issue
The inspector2 `create-sbom-export` page (https://docs.aws.amazon.com/cli/latest/reference/inspector2/create-sbom-export.html) has no example in it.
Examples in the CLI page…
-
http://quizquadblocks.sfractal.com:4000/.well-known/sbom
https://jupiterone.com/sbom/
https://github.com/spdx/spdx-examples
https://github.com/CycloneDX/bom-examples
Daggerboard
Zephyr
Syft grype
…
-
During the meeting on 2024-03-12 a topic came up about how we could work together with other groups, especially government groups, to amplify what we are all doing. The notes from the meeting are belo…
-
Having some examples of generating provenance for artifacts other than packages or binaries would demonstrate that the generic workflow can be used to generate provenance for files like SBOMs, sarif f…
-
**What would you like to be added**:
A Package Url from the docker image is missing in the generated SBOM.
Could you please provide the purl for the root component (metadata.component.purl)?
Here…
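The request above is for a Package URL on the root component of a CycloneDX SBOM built from a Docker image. The following is an added example, not code from that issue or from the tool it was filed against: it checks a CycloneDX JSON document for `metadata.component.purl` and, when it is absent, builds a `pkg:docker/...` purl from the image reference. The SBOM document, the image reference and the function names are constructed for illustration; the purl layout follows the public purl spec (`pkg:docker/<namespace>/<name>@<digest-or-tag>?repository_url=<registry>`).

```python
"""Added example: fill in a missing metadata.component.purl on a CycloneDX
JSON SBOM that describes a Docker image.

Assumptions (not stated in the issue): the SBOM is CycloneDX JSON with the
root component at metadata.component, and the image is identified by an
OCI-style reference such as registry/namespace/name:tag@sha256:<digest>.
"""
import json
from urllib.parse import quote

# Constructed sample: a root component for a container image with no purl,
# which is the situation the feature request describes.
SAMPLE_DIGEST = "sha256:" + "0123456789abcdef" * 4
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {
        "component": {
            "type": "container",
            "name": "library/nginx",
            "version": SAMPLE_DIGEST,
        }
    },
    "components": [],
})


def parse_image_ref(ref):
    """Split an image reference into (registry, repository, tag, digest).

    Follows the Docker reference grammar: the first path segment is a
    registry only if it contains a dot or a port, or is 'localhost';
    a tag colon can only appear in the final path segment.
    """
    name, _, digest = ref.partition("@")
    parts = name.split("/")
    registry = None
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry = parts[0]
        parts = parts[1:]
    tag = None
    if ":" in parts[-1]:
        parts[-1], tag = parts[-1].split(":", 1)
    return registry, "/".join(parts), tag, (digest or None)


def docker_purl(image_ref):
    """Build a pkg:docker purl for an image reference.

    The immutable digest is preferred as the purl version; the tag is used
    only when no digest is present. A non-default registry becomes the
    repository_url qualifier, as in the purl spec's docker examples.
    """
    registry, repo, tag, digest = parse_image_ref(image_ref)
    if not repo:
        raise ValueError(f"unrecognised image reference: {image_ref}")
    purl = "pkg:docker/" + "/".join(quote(seg, safe="") for seg in repo.split("/"))
    version = digest or tag
    if version:
        purl += "@" + quote(version, safe=":")
    if registry:
        purl += "?repository_url=" + quote(registry, safe=":")
    return purl


def ensure_root_purl(sbom_json, image_ref):
    """Return the parsed SBOM with metadata.component.purl guaranteed present.

    An existing purl is left untouched; a missing one is derived from the
    image reference the SBOM was generated from.
    """
    sbom = json.loads(sbom_json)
    root = sbom.get("metadata", {}).get("component")
    if root is None:
        raise ValueError("SBOM has no metadata.component")
    if not root.get("purl"):
        root["purl"] = docker_purl(image_ref)
    return sbom


if __name__ == "__main__":
    fixed = ensure_root_purl(SAMPLE_SBOM, "library/nginx@" + SAMPLE_DIGEST)
    print(json.dumps(fixed["metadata"]["component"], indent=2))
```

Pinning the version to the digest rather than the tag is deliberate: a tag can be re-pointed after the SBOM is produced, while the digest identifies exactly the image that was scanned, which is what a consumer matching the root component against vulnerability data needs.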