-
**Describe the rationale for the suggested feature.**
Troubleshoot uses `spdx-sbom-generator` whose latest release is https://github.com/opensbom-generator/spdx-sbom-generator/releases/tag/v0.0.15,…
-
**What would you like to be added**:
Users are looking to create SBOMs that meet the NTIA Minimum Fields requirements. Users typically do this through a two-step process.
1. Generate an SBOM with …
-
**What would you like to be added**:
Documentation about what fields from the Syft JSON are used and for what purpose.
**Why is this needed**:
Some organizations have access to information ab…
-
**What would you like to be added**:
With https://github.com/gardenlinux/glrd we now have a way to get actively maintained release. It would be nice to get the actual differences between releases (…
-
I've noticed that this project currently does not generate a Software Bill of Materials (SBOM). An SBOM is a critical document for tracking software dependencies, ensuring compliance, and enhancing se…
-
## Background
- SBOM Tool currently only supports SPDX 2.2.
- New version (2.0.0) of Germany [**BSI TR-03183 Part 2 SBOM**](https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Stand…
-
Tried with a CycloneDX 1.5 SBOM. SBOM validated using the [CycloneDX Validator tool](https://cyclonedx.github.io/cyclonedx-web-tool/validate) but it fails to process. No idea why! Could error messages…
-
There is a concept of [SBOM](https://www.cisa.gov/sbom) that's implemented with [different standards](https://scribesecurity.com/sbom/standard-formats/#what-is-an-sbom-standard) and one of them is Cyc…
-
I have 2 SBOM files. One created with `cyclonedx-maven-plugin`
```json
{
  "bomFormat" : "CycloneDX",
  "specVersion" : "1.6",
  "metadata" : {
    "tools" : {
      "components" : [
        {
…
```
-
The timeout of 30 seconds is a bit too short for larger projects:
```log
##[debug]Retrieving license information for 500 components...
##[warning]Error encountered while fetching license informat…
```