-
### Issue Description
SBOM flags are not respected during the `podman build` command.
Meanwhile, the sbom options fail if the input is wrong.
Builds were made inside container `quay.io/containers/podman:v5`
…
-
**What happened**:
When collecting multiple BOMs with the `sbom-cataloger`, the dependency trees of the BOMs might get mixed up.
Example:
My Rust app App1 has a direct dependency `proc-macro2 1.0…
-
#### What happened:
To generate license and other data, `bom` clones the go modules it needs to tmp. It is supposed to remove them after it's done. After trying to generate an SBOM for `cilium/c…
-
Tracker for `Container Image with Python application`.
Work to be carried out in https://github.com/CISA-SBOM-Community/SBOM-Generation/pull/4
## Todo
- [x] Decide on tool for Container SBOM …
-
### Describe what should be investigated or refactored
Currently the `sboms.tar` layer contains both JSON documents and generated HTML for an "SBOM viewer" page for each of the images in the Zarf p…
-
hi,
is this project maintained?
is it possible to make this work with Yocto generated SBOMs? i have a demo using the action in https://github.com/mischief/spdx-sbom-test, with an SBOM generated …
-
In reference to https://github.com/dotnet/dotnet-docker/issues/5973
We (.NET Team) have been working closely with Canonical on Chiseled images:
- https://devblogs.microsoft.com/dotnet/announcing-dot…
-
Right now, syft isn't putting the top level package as SPDX objects
I think for now we can add a [PURL OCI reference type](https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#oci) b…
-
Hipcheck today effectively produces three artifacts with each release, each of which should have an SBOM:
- [ ] Hipcheck Docker image published to Docker Hub
Of these, the binaries are probably …
-
The following error occurs.
It does not occur with cyclonedx.
```
$ python alma_sbom.py --output-file dust --rpm-package-hash 7067dbd995e1cbfa352dc9dc565adcfa4dac252b85f02e0ee47661f7a6d219fd --file-format spdx-json
Traceb…