-
**Is your feature request related to a problem? Please describe.**
DependencyTrack can display when an SBoM was last uploaded and when it was last analyzed (regardless of the upload date).
The first…
-
**What would you like to be added**:
Ensure that all SBOMs produced by Syft cover the NTIA's [Minimum Elements For a Software Bill of Materials (SBOM)](https://www.ntia.doc.gov/report/2021/minimum-…
-
**Name of the app**
fatbom
**Describe the bug**
The merged sbom built with the project is invalid.
**To Reproduce**
While applying [quality checks](https://github.com/interlynk-io/sbomqs) on …
-
# Challenge 4: Enhancing System Security in Response to Industry Breach
**As the CISO of Globoticket**, I want to implement rigorous security practices to ensure our systems are fortified against vul…
-
[Issue28](https://github.com/oasis-tcs/osim/issues/28) proposes we have a place to start defining terms.
[Issue29](https://github.com/oasis-tcs/osim/issues/29) proposes to define the term "software …
-
**What would you like to be added**:
Add the ability to shell-out to known tools such as `go` and `mvn` in order to capture more accurate build-time dependency information.
**Why is this needed**:…
-
### Ticket Contents
## Description
This has two aspects, the first one being more high level information such as the lines of code, contributors, dependencies, repositories, commits. An automate…
-
To support Notary v2 Signatures, and other supply chain artifacts like SBoMs which are associated with a target artifact, registries will need to support reference types.
## Timing
To support a …
-
SBOMs can specify a product in a number of different ways. For example, an SBOM can include a product as a Name, a CPE or a PURL (and possibly all three!). Whilst the quality of SBOMs is variable (and …
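The two issues above on NTIA minimum elements and on Name/CPE/PURL product identification call for the same kind of check, so one added example serves both. It is not code from Syft, sbomqs, fatbom or any other project mentioned on this page. It runs over a constructed CycloneDX 1.4 JSON document embedded inline (the component names, versions and identifiers are made up for illustration), reports gaps against the seven NTIA minimum data fields (supplier, component name, version, unique identifier, dependency relationship, SBOM author, timestamp), and cross-checks each component's declared name and version against the package URL and CPE 2.3 string it carries. The `parse_purl` and `parse_cpe23` helpers are deliberately simplified (no percent-decoding, qualifiers and escaped colons ignored); a production checker should use a full purl/CPE library.

```python
"""Added example: NTIA minimum-element gaps and identifier cross-checks for a CycloneDX SBOM."""
import json
from datetime import datetime

# Constructed sample SBOM (not from any real project). c2 and c3 are deliberately incomplete.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {
        "timestamp": "2023-01-15T10:00:00Z",
        "authors": [{"name": "build-pipeline"}],
        "component": {"name": "fatbom", "version": "0.1.0",
                      "bom-ref": "pkg:golang/example.com/fatbom@0.1.0"},
    },
    "components": [
        {"bom-ref": "c1", "name": "log4j-core", "version": "2.17.1",
         "supplier": {"name": "Apache"},
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1",
         "cpe": "cpe:2.3:a:apache:log4j:2.17.1:*:*:*:*:*:*:*"},
        {"bom-ref": "c2", "name": "lodash", "version": "4.17.21",
         "purl": "pkg:npm/lodash@4.17.20"},          # purl version disagrees; no supplier
        {"bom-ref": "c3", "name": "mystery-lib"},     # no version, no identifiers, no edges
    ],
    "dependencies": [
        {"ref": "pkg:golang/example.com/fatbom@0.1.0", "dependsOn": ["c1", "c2"]},
    ],
})


def parse_purl(purl):
    """Split a package URL into type/namespace/name/version (simplified: no decoding,
    qualifiers and subpath dropped)."""
    if not purl.startswith("pkg:"):
        raise ValueError("not a purl: %r" % purl)
    body = purl[len("pkg:"):].split("#", 1)[0].split("?", 1)[0]
    version = None
    if "@" in body:
        body, version = body.rsplit("@", 1)
    parts = body.strip("/").split("/")
    return {"type": parts[0].lower(), "namespace": "/".join(parts[1:-1]) or None,
            "name": parts[-1], "version": version}


def parse_cpe23(cpe):
    """Split a CPE 2.3 formatted string into part/vendor/product/version
    (simplified: escaped colons are not handled)."""
    fields = cpe.split(":")
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError("not a CPE 2.3 string: %r" % cpe)
    return {"part": fields[2], "vendor": fields[3], "product": fields[4], "version": fields[5]}


def ntia_findings(bom):
    """Return gaps against the NTIA minimum elements for a parsed CycloneDX document."""
    findings = []
    meta = bom.get("metadata", {})
    if not meta.get("timestamp"):
        findings.append("document: missing timestamp")
    else:
        try:
            datetime.strptime(meta["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            findings.append("document: timestamp is not RFC 3339 UTC")
    if not (meta.get("authors") or meta.get("tools")):   # a tool counts as the SBOM author
        findings.append("document: missing author of SBOM data")
    related = set()                                      # refs that appear in any edge
    for dep in bom.get("dependencies", []):
        related.add(dep.get("ref"))
        related.update(dep.get("dependsOn", []))
    for comp in bom.get("components", []):
        label = comp.get("bom-ref") or comp.get("name") or "<unnamed>"
        if not comp.get("name"):
            findings.append(f"{label}: missing component name")
        if not comp.get("version"):
            findings.append(f"{label}: missing version")
        if not comp.get("supplier", {}).get("name"):
            findings.append(f"{label}: missing supplier name")
        if not (comp.get("purl") or comp.get("cpe") or comp.get("swid")):
            findings.append(f"{label}: missing unique identifier (purl/cpe/swid)")
        if comp.get("bom-ref") not in related:
            findings.append(f"{label}: not part of any dependency relationship")
    return findings


def identifier_findings(comp):
    """Cross-check a component's declared name/version against its purl and CPE."""
    findings = []
    label = comp.get("bom-ref") or comp.get("name") or "<unnamed>"
    name = (comp.get("name") or "").lower()
    version = comp.get("version")
    if comp.get("purl"):
        p = parse_purl(comp["purl"])
        if p["name"].lower() != name:
            findings.append(f"{label}: purl name {p['name']!r} != component name {name!r}")
        if version and p["version"] and p["version"] != version:
            findings.append(f"{label}: purl version {p['version']} != component version {version}")
    if comp.get("cpe"):
        c = parse_cpe23(comp["cpe"])
        # CPE product names are usually coarser than package names (log4j vs log4j-core),
        # so only flag the case where neither name contains the other.
        if c["product"] not in name and name not in c["product"]:
            findings.append(f"{label}: cpe product {c['product']!r} does not match {name!r}")
        if version and c["version"] not in ("*", "-", version):
            findings.append(f"{label}: cpe version {c['version']} != component version {version}")
    return findings


def check_sbom(sbom_json):
    """Run both checks over a CycloneDX JSON string and return all findings in order."""
    bom = json.loads(sbom_json)
    findings = ntia_findings(bom)
    for comp in bom.get("components", []):
        findings.extend(identifier_findings(comp))
    return findings


if __name__ == "__main__":
    for line in check_sbom(SAMPLE_SBOM):
        print(line)
```

On the constructed document this reports six gaps: `c2` lacks a supplier and its purl version (4.17.20) contradicts the declared 4.17.21, while `c3` has no version, no supplier, no identifier and is absent from the dependency graph. The dependency-relationship check is the one most tools skip; a component that is listed but connected to nothing cannot be traced back to the product that ships it.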
-
[OWASP SCVS](https://scvs.owasp.org/scvs/v2-software-bill-of-materials/) is formalizing verification requirements for SBOMs.
sbomqs rules to test SBOMs against, as well as its output, should be aligned to mee…