-
## Issue Description
As the Platform Product Team,
We need a better inventory of our tools, versions and features that are used,
So that we can better manage and report on what is used and how
Since …
-
We may be generating a SBOM for a forked library -- given such we would want the ability to declare our provenance (pedigree? i'm not really sure what the difference is) within the build. #427 is slig…
-
Introduce VEX Support to DejaCode
- enhance data model to support a Product VEX List
- provide Export capabilities to product VEX documents that comply with industry-recognized formats
Here are…
-
Generate [Software bill of materials](https://en.wikipedia.org/wiki/Software_bill_of_materials) in the format that is already used for the package manifest, especially for the `license` field.
- [S…
-
Steps to reproduce:
1. Checkout jvm_external which contains example projects --> https://github.com/bazelbuild/rules_jvm_external
2. cd into `rules_jvm_external/examples/spring_boot`
3. Generate SB…
-
Many new fields (schema) were added to between v1.3 and v1.4 yet there are not examples that ref. v1.4.
In addition, we would like examples that exhibit the use of many of these new fields such a…
-
in https://github.com/CycloneDX/bom-examples/tree/master/VEX/CISA-Use-Cases/Case-7 boms do not contain version of the software, but vex file affects sections contain versions or version ranges (i.e. h…
-
On the trustification home screen, Even though the field does not supports complex queries it returns valid response when the user uses valid logical operators like AND, OR and NOT. But it fails when …
-
There are a couple EU laws coming, that require users to gather information of all their software dependencies in order to conduct cyber security assessments, and use this as part of managing their so…
-
More information see: https://spdx.dev/resources/use/
Example json-file see: https://github.com/spdx/spdx-spec/blob/development/v2.2.2/examples/SPDXJSONExample-v2.2.spdx.json
Seems rather easy…
wgnf updated
10 months ago