-
The "Dependencies" section of README.md contains a small typo. Line 246 specifies
``A crypto asset A is considered as 'used' by component C if there is a `used` dependency path from C to A.``
This…
-
Is there any ETA for when the 1.6 spec will be compatible with this library?
-
As discussed with @n1ckl0sk0rtge, an interesting addition to CBOM is to be able to track algorithm-specific parameters and their specification.
Example:
- NIST PQC candidates come with a pdf speci…
bhess updated
2 months ago
-
Using enums in the CBOM schema limits extensibility; an alternative is to use URNs.
References:
- https://github.com/OWASP/Software-Component-Verification-Standard
- https://github.com/OWASP/Soft…
bhess updated
2 months ago
-
The documentation for 1.5-cbom-1.1 contains a proposal regarding package URLs for crypto-assets. Since crypto-assets are generally not a specific implementation that can't be linked to a specific obje…
-
Running regression-wally with Verilator as the defaultsim fails on 24 test suites, mostly on floating-point suites with large signatures. These tests pass in Questa. The f tests mostly fail at result…
-
Fantastic work on CBOM. I really like how the spec has captured a lot of this data in a way that interoperates with CycloneDX.
The CycloneDX Core Working Group is busy on v1.5 of the spec to be rel…
-
`cryptoProperties` (v1.1) -> `algorithmProperties` -> `curve` is proposed as an enum. This would require an update to the CBOM schema for every new curve. Why not just use OIDs?
I went over the pro…
-
In 2.7. Software Discovery section, some information needs to be discovered by software.
How to discover the information by software?
Should we record them into specified registers?
Or, should SW…
-
The error occurs often, but sometimes the method works.
```
"Trailers.x-tracking-id": "d28167c42e3ebe12fb8a1d5542be0207"
```
olsh updated
5 months ago